| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HTML/Infected.WebPage.Gen3 und Rechner langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
21.11.2014, 11:39
| #1 |
 |  HTML/Infected.WebPage.Gen3 und Rechner langsam Hallo, seit einigen Tagen ist mein Rechner etwas lahm. Auffällig ist auch eine verzögerte Tastatureingabe z.B. auf Websiten. Heute morgen poppte dann Avira auf und meldete den o.a. Fund. Ich möchte den Rechner nun mal wieder komplett durchchecken und dem Fund auf die Spur kommen. Übrigens benutze ich den Rechner teils beruflich. Allerdings bin ich ein 1-Mann-Büro und habe keine eigene IT-Abteilung. Wäre also schön, wenn es trotzdem klappt und Ihr mir helfen könnt. Hier die Logs... defogger.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:00 on 21/11/2014 (tcee)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Exportierte Ereignisse:
21.11.2014 07:44 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\username\AppData\Local\Mozilla\Firefox\Profiles\h6rodsf6.default-14017146
18966\cache2\entries\9BE4A88A8B2A435CB04DE3E461819C7167DAFEFA'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen3'
[virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Username (administrator) on Username-THINK on 21-11-2014 10:18:33
Running from C:\Users\Username\Desktop
Loaded Profile: Username (Available profiles: UpdatusUser & Username & Username)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///H:/Mydlink/activeX/DCP.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///H:/Mydlink/activeX/aplugLiteDL.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1502850821-2927420759-2148834354-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: Default Full Zoom Level - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-11-20]
FF Extension: Firebug - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-05-06]
FF Extension: NoScript - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-22]
FF Extension: MeasureIt - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-07-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
Chrome:
=======
CHR Profile: C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2012-02-27] (Lenovo.)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S2 bckd; system32\drivers\bckd.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 10:18 - 2014-11-21 10:19 - 00020429 _____ () C:\Users\Username\Desktop\FRST.txt
2014-11-21 10:17 - 2014-11-21 10:17 - 02117632 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2014-11-21 10:00 - 2014-11-21 10:00 - 00000470 _____ () C:\Users\Username\Desktop\defogger_disable.log
2014-11-21 09:59 - 2014-11-21 09:59 - 00050477 _____ () C:\Users\Username\Desktop\Defogger.exe
2014-11-21 07:12 - 2014-11-21 07:12 - 00000022 _____ () C:\Windows\S.dirmngr
2014-11-20 10:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 10:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 10:35 - 2014-11-19 17:15 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Skype
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-17 10:35 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\Username\AppData\Local\Skype
2014-11-17 10:34 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-17 10:34 - 2014-11-17 10:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-16 11:09 - 2014-11-17 21:22 - 00000713 _____ () C:\Users\Username\Desktop\Strategies.txt
2014-11-12 14:44 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:44 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:44 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:44 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:44 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:44 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:44 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:44 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:44 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:44 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:44 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:44 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:44 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:44 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:43 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:43 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:42 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:42 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:42 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:42 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:42 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:42 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:42 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:42 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:42 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:40 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:40 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-10 10:30 - 2014-11-10 10:30 - 06126536 _____ (Tim Kosse) C:\Users\Username\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-09 11:41 - 2014-11-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-09 11:40 - 2014-11-09 11:41 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-09 11:37 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-09 11:36 - 2014-11-09 11:36 - 00000000 ____D () C:\Program Files\iPod
2014-11-09 11:29 - 2014-11-09 11:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-09 11:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 19:09 - 2014-11-21 09:50 - 00000335 _____ () C:\Users\Username\Desktop\Todo.txt
2014-10-24 14:13 - 2014-11-20 09:40 - 00000033 _____ () C:\Users\Username\DesktopAD.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 10:19 - 2014-10-17 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 10:18 - 2014-06-01 13:02 - 00000000 ____D () C:\FRST
2014-11-21 09:51 - 2014-10-17 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 09:36 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:36 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 09:32 - 2012-03-30 03:40 - 02035088 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 09:26 - 2014-08-23 07:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 08:44 - 2012-03-30 13:23 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 08:44 - 2012-03-30 13:23 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 08:44 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 08:32 - 2014-03-11 17:24 - 00046158 _____ () C:\Windows\setupact.log
2014-11-21 07:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 10:32 - 2013-08-01 17:33 - 00000000 ____D () C:\Users\Username\AppData\Roaming\vlc
2014-11-20 10:22 - 2014-10-19 18:46 - 00000100 _____ () C:\Users\Username\Desktop\Baumarkt.txt
2014-11-20 10:09 - 2014-08-23 07:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-20 10:09 - 2012-04-15 07:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 10:09 - 2012-04-15 07:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 10:08 - 2014-06-27 12:19 - 00000000 ____D () C:\Users\Username\AppData\Local\Adobe
2014-11-20 10:02 - 2012-07-23 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 10:01 - 2012-05-06 10:49 - 00000000 ____D () C:\Users\Username\AppData\Roaming\FileZilla
2014-11-20 09:34 - 2012-07-20 10:31 - 00000000 ____D () C:\Users\Username\AppData\Local\Adobe
2014-11-18 17:05 - 2014-09-03 15:14 - 00000285 _____ () C:\Users\Username\Desktop\Wohnung Todo.txt
2014-11-16 10:27 - 2012-05-06 07:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-15 19:52 - 2013-11-17 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 09:18 - 2012-07-23 07:14 - 00000000 ____D () C:\Users\Username\AppData\Local\Akamai
2014-11-13 15:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 19:13 - 2012-10-01 09:53 - 00000000 ____D () C:\Users\Username\AppData\Roaming\FileZilla
2014-11-12 19:04 - 2012-08-17 13:03 - 00001456 _____ () C:\Users\Username\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-11-12 18:35 - 2009-07-14 05:45 - 04969680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:14 - 2014-10-17 19:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 15:14 - 2014-10-17 19:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 14:53 - 2013-07-11 07:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 14:46 - 2012-04-14 16:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 14:11 - 2010-11-21 04:47 - 01111468 _____ () C:\Windows\PFRO.log
2014-11-11 09:55 - 2012-08-15 07:02 - 00000000 ____D () C:\Users\Username\AppData\Local\Lenovo
2014-11-09 12:47 - 2014-02-14 08:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-09 12:44 - 2014-02-14 08:10 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-11-09 11:36 - 2014-09-15 08:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-09 11:36 - 2013-09-27 09:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\Users\Username\AppData\Roaming\Malwarebytes
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 11:18 - 2012-04-14 07:03 - 00086336 _____ () C:\Users\Username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 17:28 - 2012-04-14 19:40 - 00086336 _____ () C:\Users\Username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 15:44 - 2013-09-06 09:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 19:04 - 2012-04-14 19:40 - 00000000 ____D () C:\Users\Username
2014-10-22 20:05 - 2013-08-01 17:33 - 00000000 ____D () C:\Users\Username\AppData\Roaming\dvdcss
Some content of TEMP:
====================
C:\Users\Username\AppData\Local\Temp\avgnt.exe
C:\Users\Username\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 11:54
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Username at 2014-11-21 10:20:08
Running from C:\Users\Username\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998929134.48.56.6499218 - Audible, Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Deutsch (DE) + Pali (HKLM\...\{4CD3A532-B3F8-41D3-B91D-A9B6A53BE0E6}) (Version: 1.0.3.40 - Frank Snow)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Forex Tester 2.8.10 (HKLM-x32\...\{F5EC7F6B-B68B-433C-AA20-54EDFE76191D}_is1) (Version: - Forex Tester Software)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.2.2) (HKLM-x32\...\GPG4Win) (Version: 2.2.2 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Logitech Media Server 7.7.2 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.2 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
OpenOffice 4.0.1 Language Pack (German) (HKLM-x32\...\{0C55CCF1-29E2-4481-A31F-1FDF19E038F2}) (Version: 4.01.9714 - Apache Software Foundation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice Beta 4.1.0 (HKLM-x32\...\{E0284E69-DDCE-4AB0-9A6B-22DC9CB8D7DB}) (Version: 4.10.9760 - Apache Software Foundation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.67 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
==================== Restore Points =========================
10-11-2014 13:20:24 Windows Update
12-11-2014 13:44:21 Windows Update
12-11-2014 17:44:08 Windows Update
16-11-2014 09:39:43 Windows Update
19-11-2014 20:12:59 Windows Update
20-11-2014 09:18:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-02-02 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03C8D2F7-C5F5-4207-8235-3D9C5A7028A2} - System32\Tasks\AdobeAAMUpdater-1.0-Username-THINK-Username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6
Task: {0EFF2205-FC92-44C3-9847-11F40B84514D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {1949FBA0-C3CD-4D95-8CF4-D8C1EC416BE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1BF94E8A-9370-4315-AFAE-C59B52FBA257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {2A5074E8-5ACC-4D7C-B8E2-2B7689FB6C3A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19
Task: {3B6F8732-8E3E-481A-B032-D48CCB0ABCA7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3EA94329-78C3-4A77-80AB-3269078D89FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware!
Task: {61294AAE-7DAC-42BD-9822-5DE8BD747EE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-02-27] (Lenovo Group Limited)
Task: {66736ADD-A74A-447E-B881-2B7FE342DDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00
Task: {76E282E5-6E12-4B64-8961-BEF23A694991} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8594D661-1412-43A1-A9D5-0614214D5250} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5
Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4
Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3
Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16
Task: {B8D51834-255C-4F7F-A4B0-E0B06BF29BAB} - System32\Tasks\AdobeAAMUpdater-1.0-Username-THINK-Username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {BBB9866A-4406-48CE-B73C-56A803CA3F21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {C760EC6E-D7A4-4102-8410-CAC7AD31BB11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1
Task: {CE893D65-78EE-4A76-B74F-22666E11AA10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2
Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17
Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18
Task: {FB7DC5DC-1E7F-4A05-BFD7-F51EF09F2B08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-03 12:07 - 2014-09-03 12:07 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-03-30 03:50 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-03-30 03:54 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 09:08 - 2014-10-03 09:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2012-03-30 03:57 - 2012-02-27 19:07 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-09-03 11:48 - 2014-09-03 11:48 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-09-03 11:41 - 2014-09-03 11:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-09-03 11:56 - 2014-09-03 11:56 - 00742400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-11-17 08:40 - 2014-11-15 19:52 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-20 10:07 - 2014-11-20 10:07 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\Windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk.Startup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1502850821-2927420759-2148834354-500 - Administrator - Disabled)
Gast (S-1-5-21-1502850821-2927420759-2148834354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502850821-2927420759-2148834354-1003 - Limited - Enabled)
Username (S-1-5-21-1502850821-2927420759-2148834354-1004 - Limited - Enabled) => C:\Users\Username
Username (S-1-5-21-1502850821-2927420759-2148834354-1001 - Administrator - Enabled) => C:\Users\Username
UpdatusUser (S-1-5-21-1502850821-2927420759-2148834354-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: bckd
Description: bckd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bckd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2014 07:13:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:26:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 01:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 10:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Error: (11/20/2014 10:30:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x140c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Error: (11/20/2014 09:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 02:13:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:18:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/21/2014 07:12:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 09:52:34 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/20/2014 09:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 06:25:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 01:58:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/20/2014 09:24:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 09:01:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 02:12:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/19/2014 09:17:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/18/2014 07:32:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (11/21/2014 07:13:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 09:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:26:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 01:58:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 10:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d11ac01d004a49374355eC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll213f526e-7098-11e4-bd49-f0def1dce4ed
Error: (11/20/2014 10:30:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d140c01d004a396b5bf6aC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllcf163a6a-7097-11e4-bd49-f0def1dce4ed
Error: (11/20/2014 09:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 02:13:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 09:18:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-02-02 08:17:34.626
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.423
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.236
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.064
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.912
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.874
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8075.23 MB
Available physical RAM: 5545.19 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13402.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:100 GB) (Free:24.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (data) (Fixed) (Total:348.67 GB) (Free:316.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B2FF4958)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-21 11:12:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\username\AppData\Local\Temp\kgtiyaow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077521401 2 bytes JMP 7557b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077521419 2 bytes JMP 7557b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077521431 2 bytes JMP 755f8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007752144a 2 bytes CALL 755548ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775214dd 2 bytes JMP 755f87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775214f5 2 bytes JMP 755f8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007752150d 2 bytes JMP 755f8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077521525 2 bytes JMP 755f8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007752153d 2 bytes JMP 7556fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077521555 2 bytes JMP 755768ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007752156d 2 bytes JMP 755f8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077521585 2 bytes JMP 755f8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007752159d 2 bytes JMP 755f865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775215b5 2 bytes JMP 7556fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775215cd 2 bytes JMP 7557b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775216b2 2 bytes JMP 755f8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775216bd 2 bytes JMP 755f85f1 C:\Windows\syswow64\KERNEL32.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3b79452
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3b79452 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
21.11.2014, 12:08
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HTML/Infected.WebPage.Gen3 und Rechner langsam Hi,
__________________bitte ein Log mit Kaspersky machen und in CODE-Tags posten Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
21.11.2014, 12:27
| #3 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam Hallo cosinus,
__________________erstmal Danke, dass Du Dich meiner annimmst. Hier das Logfile: Code:
ATTFilter 12:12:05.0182 0x0d3c TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:12:10.0355 0x0d3c ============================================================
12:12:10.0355 0x0d3c Current date / time: 2014/11/21 12:12:10.0355
12:12:10.0355 0x0d3c SystemInfo:
12:12:10.0355 0x0d3c
12:12:10.0355 0x0d3c OS Version: 6.1.7601 ServicePack: 1.0
12:12:10.0355 0x0d3c Product type: Workstation
12:12:10.0356 0x0d3c ComputerName: username-THINK
12:12:10.0356 0x0d3c UserName: username
12:12:10.0356 0x0d3c Windows directory: C:\Windows
12:12:10.0356 0x0d3c System windows directory: C:\Windows
12:12:10.0356 0x0d3c Running under WOW64
12:12:10.0356 0x0d3c Processor architecture: Intel x64
12:12:10.0356 0x0d3c Number of processors: 8
12:12:10.0356 0x0d3c Page size: 0x1000
12:12:10.0356 0x0d3c Boot type: Normal boot
12:12:10.0356 0x0d3c ============================================================
12:12:11.0076 0x0d3c KLMD registered as C:\Windows\system32\drivers\32773623.sys
12:12:11.0873 0x0d3c System UUID: {D801A976-306B-32DE-F7D4-14BDE767554B}
12:12:13.0397 0x0d3c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:12:13.0426 0x0d3c ============================================================
12:12:13.0426 0x0d3c \Device\Harddisk0\DR0:
12:12:13.0426 0x0d3c MBR partitions:
12:12:13.0426 0x0d3c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
12:12:13.0426 0x0d3c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC800000
12:12:13.0437 0x0d3c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCAEF000, BlocksNum 0x2B956800
12:12:13.0438 0x0d3c \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
12:12:13.0438 0x0d3c ============================================================
12:12:13.0474 0x0d3c C: <-> \Device\Harddisk0\DR0\Partition2
12:12:13.0520 0x0d3c Q: <-> \Device\Harddisk0\DR0\Partition4
12:12:13.0553 0x0d3c D: <-> \Device\Harddisk0\DR0\Partition3
12:12:13.0554 0x0d3c ============================================================
12:12:13.0554 0x0d3c Initialize success
12:12:13.0554 0x0d3c ============================================================
12:13:08.0736 0x1b14 ============================================================
12:13:08.0736 0x1b14 Scan started
12:13:08.0736 0x1b14 Mode: Manual; SigCheck; TDLFS;
12:13:08.0736 0x1b14 ============================================================
12:13:08.0736 0x1b14 KSN ping started
12:13:11.0294 0x1b14 KSN ping finished: true
12:13:12.0152 0x1b14 ================ Scan system memory ========================
12:13:12.0152 0x1b14 System memory - ok
12:13:12.0152 0x1b14 ================ Scan services =============================
12:13:12.0324 0x1b14 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
12:13:12.0511 0x1b14 1394ohci - ok
12:13:12.0573 0x1b14 [ F4AF97702BAD85BFEF64B9A557F11B6F, 8255B2FBE64C60562A7DAAAD575EED49EE0D23DD42E5C76C988B8A3673843EA6 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
12:13:12.0651 0x1b14 5U877 - ok
12:13:12.0698 0x1b14 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:13:12.0745 0x1b14 ACPI - ok
12:13:12.0776 0x1b14 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:13:12.0870 0x1b14 AcpiPmi - ok
12:13:12.0948 0x1b14 [ 6C4B9E202A497782070CE383CBD5D737, DE09569366AF09314BF75D024F36D30C17D1C36D330855A84E669F366163E780 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
12:13:12.0994 0x1b14 AcPrfMgrSvc - ok
12:13:13.0041 0x1b14 [ B3BF04C7E3E4FB0925BB4F8422763A3D, 77E5205D67167B8E00A7AFC6A78ACCDF5FE6EE8854166CF853DEEC260E87E58E ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
12:13:13.0072 0x1b14 AcSvc - ok
12:13:13.0166 0x1b14 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:13:13.0182 0x1b14 AdobeARMservice - ok
12:13:13.0338 0x1b14 [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:13:13.0384 0x1b14 AdobeFlashPlayerUpdateSvc - ok
12:13:13.0447 0x1b14 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:13:13.0525 0x1b14 adp94xx - ok
12:13:13.0587 0x1b14 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:13:13.0650 0x1b14 adpahci - ok
12:13:13.0696 0x1b14 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:13:13.0743 0x1b14 adpu320 - ok
12:13:13.0790 0x1b14 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:13:13.0977 0x1b14 AeLookupSvc - ok
12:13:14.0040 0x1b14 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
12:13:14.0133 0x1b14 AFD - ok
12:13:14.0180 0x1b14 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
12:13:14.0227 0x1b14 agp440 - ok
12:13:14.0258 0x1b14 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
12:13:14.0320 0x1b14 ALG - ok
12:13:14.0367 0x1b14 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
12:13:14.0398 0x1b14 aliide - ok
12:13:14.0430 0x1b14 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
12:13:14.0461 0x1b14 amdide - ok
12:13:14.0492 0x1b14 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:13:14.0539 0x1b14 AmdK8 - ok
12:13:14.0554 0x1b14 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:13:14.0617 0x1b14 AmdPPM - ok
12:13:14.0664 0x1b14 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:13:14.0710 0x1b14 amdsata - ok
12:13:14.0726 0x1b14 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:13:14.0788 0x1b14 amdsbs - ok
12:13:14.0804 0x1b14 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:13:14.0851 0x1b14 amdxata - ok
12:13:14.0898 0x1b14 [ D86564B66FB10C73C13F40F7D8E40FE6, 5D31327759436446AC63A385B2BD1A4759D180A855941AE42245C5769724FBED ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
12:13:14.0960 0x1b14 AMPPAL - ok
12:13:14.0976 0x1b14 [ D86564B66FB10C73C13F40F7D8E40FE6, 5D31327759436446AC63A385B2BD1A4759D180A855941AE42245C5769724FBED ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
12:13:15.0007 0x1b14 AMPPALP - ok
12:13:15.0132 0x1b14 [ 9BE647AB104153BD0053EB4A48F50B31, 06BE3CA2C3F0D675DC3802BE8D12511495553EA1FB8118427998F5D2EDA550C7 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:13:15.0210 0x1b14 AMPPALR3 - ok
12:13:15.0319 0x1b14 [ 6F1BBF101B6DC9D34A564C2009D83B63, 1679D48C5A2CE6434E09F1D1330E616F8130C7A0ADF5C14D847CCEABDDA2950E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:13:15.0381 0x1b14 AntiVirSchedulerService - ok
12:13:15.0444 0x1b14 [ 6F1BBF101B6DC9D34A564C2009D83B63, 1679D48C5A2CE6434E09F1D1330E616F8130C7A0ADF5C14D847CCEABDDA2950E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:13:15.0506 0x1b14 AntiVirService - ok
12:13:15.0553 0x1b14 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys
12:13:15.0615 0x1b14 AppID - ok
12:13:15.0631 0x1b14 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:13:15.0678 0x1b14 AppIDSvc - ok
12:13:15.0740 0x1b14 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
12:13:15.0787 0x1b14 Appinfo - ok
12:13:15.0880 0x1b14 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:13:15.0896 0x1b14 Apple Mobile Device - ok
12:13:15.0943 0x1b14 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
12:13:16.0005 0x1b14 AppMgmt - ok
12:13:16.0036 0x1b14 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
12:13:16.0083 0x1b14 arc - ok
12:13:16.0099 0x1b14 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:13:16.0146 0x1b14 arcsas - ok
12:13:16.0239 0x1b14 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:13:16.0286 0x1b14 aspnet_state - ok
12:13:16.0317 0x1b14 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:13:16.0411 0x1b14 AsyncMac - ok
12:13:16.0442 0x1b14 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:13:16.0473 0x1b14 atapi - ok
12:13:16.0551 0x1b14 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:13:16.0645 0x1b14 AudioEndpointBuilder - ok
12:13:16.0707 0x1b14 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:13:16.0785 0x1b14 AudioSrv - ok
12:13:16.0848 0x1b14 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:13:16.0941 0x1b14 avgntflt - ok
12:13:16.0988 0x1b14 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:13:17.0097 0x1b14 avipbb - ok
12:13:17.0175 0x1b14 [ F21955927D1C99206A8B91DE2CCE85E1, 26A6155CF46123C489CBE19B5B3E3B0D9ED02C9388E57058724B0FFB7D7C08B5 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
12:13:17.0222 0x1b14 Avira.OE.ServiceHost - ok
12:13:17.0253 0x1b14 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:13:17.0284 0x1b14 avkmgr - ok
12:13:17.0331 0x1b14 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:13:17.0409 0x1b14 AxInstSV - ok
12:13:17.0472 0x1b14 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:13:17.0581 0x1b14 b06bdrv - ok
12:13:17.0628 0x1b14 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:13:17.0706 0x1b14 b57nd60a - ok
12:13:17.0737 0x1b14 bckd - ok
12:13:17.0971 0x1b14 [ 950E6EA686AEA8BC970132B9DD2093DE, CC2B810A676C144CFC1547D982DFC223D12533109F6E7B15E3E3C73F170D4CA8 ] bckwfs C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
12:13:18.0189 0x1b14 bckwfs - ok
12:13:18.0267 0x1b14 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:13:18.0314 0x1b14 BDESVC - ok
12:13:18.0361 0x1b14 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:13:18.0361 0x0964 Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
12:13:18.0454 0x1b14 Beep - ok
12:13:18.0532 0x1b14 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:13:18.0642 0x1b14 BFE - ok
12:13:18.0720 0x1b14 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
12:13:18.0969 0x1b14 BITS - ok
12:13:19.0000 0x1b14 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:13:19.0047 0x1b14 blbdrive - ok
12:13:19.0125 0x1b14 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:13:19.0172 0x1b14 Bonjour Service - ok
12:13:19.0203 0x1b14 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:13:19.0281 0x1b14 bowser - ok
12:13:19.0312 0x1b14 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:13:19.0359 0x1b14 BrFiltLo - ok
12:13:19.0375 0x1b14 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:13:19.0422 0x1b14 BrFiltUp - ok
12:13:19.0468 0x1b14 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:13:19.0578 0x1b14 BridgeMP - ok
12:13:19.0624 0x1b14 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:13:19.0671 0x1b14 Browser - ok
12:13:19.0718 0x1b14 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:13:19.0796 0x1b14 Brserid - ok
12:13:19.0843 0x1b14 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:13:19.0890 0x1b14 BrSerWdm - ok
12:13:19.0921 0x1b14 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:13:19.0968 0x1b14 BrUsbMdm - ok
12:13:19.0999 0x1b14 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:13:20.0061 0x1b14 BrUsbSer - ok
12:13:20.0092 0x1b14 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:13:20.0155 0x1b14 BthEnum - ok
12:13:20.0186 0x1b14 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:13:20.0248 0x1b14 BTHMODEM - ok
12:13:20.0280 0x1b14 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:13:20.0342 0x1b14 BthPan - ok
12:13:20.0420 0x1b14 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
12:13:20.0514 0x1b14 BTHPORT - ok
12:13:20.0560 0x1b14 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:13:20.0670 0x1b14 bthserv - ok
12:13:20.0701 0x1b14 [ D30286FF3C7B6318C024D2BC2955C1BF, 47863D046C94A5C19F7D4E0BA393E6FE1E249C78FAB9B8705F7DD2CD87EAC16C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:13:20.0732 0x1b14 BTHSSecurityMgr - ok
12:13:20.0763 0x1b14 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
12:13:20.0810 0x1b14 BTHUSB - ok
12:13:20.0888 0x1b14 [ 8834F87A6A745872894DF8223201A6C3, B8C26E11EAAB4A93E4241B4B6F00C1CA05501011E28D6A06D4B009BA4E3AB7CD ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
12:13:20.0950 0x1b14 BTWAMPFL - ok
12:13:20.0982 0x1b14 [ 9863D82ECBEC6106D377ED73680D99D8, 27DA7335BB14BBF9DC627C8F97ED59BA3479E5E084704AE4C16B1A3E67CB184C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:13:21.0013 0x0964 Object send P2P result: true
12:13:21.0028 0x1b14 btwaudio - ok
12:13:21.0060 0x1b14 [ 3432DD66AE75AB2DE6D0527AD78DBFC7, C2DEB409CDA3621E33E429E592A81E09095C52CDCE36732C9BEA00B92994E44D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
12:13:21.0106 0x1b14 btwavdt - ok
12:13:21.0216 0x1b14 [ EB4AFE08FB39BB444F221D7D501E0915, 2AF8ECEEAB5A0E972660C1553B555E49C49F19500ABD67DFEB9BEBA7E577A700 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
12:13:21.0309 0x1b14 btwdins - ok
12:13:21.0340 0x1b14 [ 382DC5A631CED0462EA09B7EB898BDBF, 7457145E194310F4EB9273471EA41100D3A1448BC2A366064B25A212B389AACB ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
12:13:21.0372 0x1b14 btwl2cap - ok
12:13:21.0403 0x1b14 [ 13A9C2CEDD44C175E6CA39A536795CA6, 13D6D24C2127E6A5E9AB2DFAA9729D57AA6CFCC72DFACF78E4DE7E63ABA122DF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
12:13:21.0434 0x1b14 btwrchid - ok
12:13:21.0621 0x1b14 [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
12:13:21.0747 0x1b14 c2cautoupdatesvc - ok
12:13:21.0919 0x1b14 [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
12:13:22.0075 0x1b14 c2cpnrsvc - ok
12:13:22.0137 0x1b14 catchme - ok
12:13:22.0168 0x1b14 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:13:22.0277 0x1b14 cdfs - ok
12:13:22.0324 0x1b14 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:13:22.0387 0x1b14 cdrom - ok
12:13:22.0433 0x1b14 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:13:22.0543 0x1b14 CertPropSvc - ok
12:13:22.0558 0x1b14 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
12:13:22.0621 0x1b14 circlass - ok
12:13:22.0667 0x1b14 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:13:22.0730 0x1b14 CLFS - ok
12:13:22.0792 0x1b14 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:13:22.0823 0x1b14 clr_optimization_v2.0.50727_32 - ok
12:13:22.0870 0x1b14 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:13:22.0901 0x1b14 clr_optimization_v2.0.50727_64 - ok
12:13:22.0964 0x1b14 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:13:23.0011 0x1b14 clr_optimization_v4.0.30319_32 - ok
12:13:23.0026 0x1b14 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:13:23.0057 0x1b14 clr_optimization_v4.0.30319_64 - ok
12:13:23.0089 0x1b14 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:13:23.0151 0x1b14 CmBatt - ok
12:13:23.0182 0x1b14 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:13:23.0213 0x1b14 cmdide - ok
12:13:23.0291 0x1b14 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
12:13:23.0385 0x1b14 CNG - ok
12:13:23.0541 0x1b14 [ 5BEC441B6B91E874C987C06F98176D90, FA4B523271947AE908C41BA2ABB1E4871359C8DE21E0ECC2B4CD49F734EF8FB4 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
12:13:23.0697 0x1b14 CnxtHdAudService - ok
12:13:23.0728 0x1b14 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:13:23.0759 0x1b14 Compbatt - ok
12:13:23.0791 0x1b14 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:13:23.0853 0x1b14 CompositeBus - ok
12:13:23.0884 0x1b14 COMSysApp - ok
12:13:23.0900 0x1b14 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:13:23.0947 0x1b14 crcdisk - ok
12:13:23.0993 0x1b14 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:13:24.0056 0x1b14 CryptSvc - ok
12:13:24.0103 0x1b14 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
12:13:24.0212 0x1b14 CSC - ok
12:13:24.0290 0x1b14 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
12:13:24.0368 0x1b14 CscService - ok
12:13:24.0415 0x1b14 [ 9D0D050170D47E778B624A28C90F23DE, 48528AA9EB0C9FB5086D992EF1F9556C8249D267C2E3D4E681D5C8B6BC316C71 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
12:13:24.0461 0x1b14 CxAudMsg - ok
12:13:24.0524 0x1b14 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:13:24.0664 0x1b14 DcomLaunch - ok
12:13:24.0711 0x1b14 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:13:24.0820 0x1b14 defragsvc - ok
12:13:24.0851 0x1b14 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:13:24.0976 0x1b14 DfsC - ok
12:13:25.0023 0x1b14 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:13:25.0085 0x1b14 Dhcp - ok
12:13:25.0163 0x1b14 [ 2A312D761AE650B1BF1296733E872AAC, A05BB3B3BF2DA68599E593BB4367774A74141DE327092C77BCDA3C0F36C8D6AD ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
12:13:25.0195 0x1b14 DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
12:13:27.0784 0x1b14 Detect skipped due to KSN trusted
12:13:27.0784 0x1b14 DirMngr - ok
12:13:27.0831 0x1b14 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:13:27.0940 0x1b14 discache - ok
12:13:27.0987 0x1b14 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
12:13:28.0034 0x1b14 Disk - ok
12:13:28.0065 0x1b14 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
12:13:28.0127 0x1b14 dmvsc - ok
12:13:28.0174 0x1b14 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:13:28.0237 0x1b14 Dnscache - ok
12:13:28.0283 0x1b14 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:13:28.0393 0x1b14 dot3svc - ok
12:13:28.0455 0x1b14 [ 277247B79DA2230D0C3AEB83E6CD8CA7, E6C1BD8374AAA17F20E8C4D7E8B729537E4CB14537D55B7D6C3C8863A431D64E ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
12:13:28.0517 0x1b14 DozeSvc - ok
12:13:28.0564 0x1b14 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:13:28.0673 0x1b14 DPS - ok
12:13:28.0705 0x1b14 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:13:28.0751 0x1b14 drmkaud - ok
12:13:28.0829 0x1b14 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:13:28.0939 0x1b14 DXGKrnl - ok
12:13:28.0970 0x1b14 [ CE4CFFD9F64B86BCEB1C343FC9924D72, A7E03531661C808F34560765136E1912A1389C459BA996880761539F4967056E ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
12:13:29.0001 0x1b14 DzHDD64 - ok
12:13:29.0063 0x1b14 [ 23B6F8081F5C7AF1343810641EE0DD58, 571EF6BC76C062AF0FC696213638831EBC90B056B353AD440B01CA17E0D5B1B7 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
12:13:29.0141 0x1b14 e1cexpress - ok
12:13:29.0173 0x1b14 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:13:29.0266 0x1b14 EapHost - ok
12:13:29.0516 0x1b14 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:13:29.0797 0x1b14 ebdrv - ok
12:13:29.0843 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
12:13:29.0890 0x1b14 EFS - ok
12:13:29.0953 0x1b14 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:13:30.0046 0x1b14 elxstor - ok
12:13:30.0062 0x1b14 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:13:30.0109 0x1b14 ErrDev - ok
12:13:30.0171 0x1b14 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:13:30.0296 0x1b14 EventSystem - ok
12:13:30.0405 0x1b14 [ 00B132F23AA25DEF2060D490B0AB70EF, AAE3BA09C2201EA27D3DB761B3D3E8A3EE80A14B451B743F4DF1281D87166857 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:13:30.0467 0x1b14 EvtEng - ok
12:13:30.0499 0x1b14 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:13:30.0623 0x1b14 exfat - ok
12:13:30.0655 0x1b14 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:13:30.0779 0x1b14 fastfat - ok
12:13:30.0889 0x1b14 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:13:30.0998 0x1b14 Fax - ok
12:13:31.0029 0x1b14 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
12:13:31.0076 0x1b14 fdc - ok
12:13:31.0107 0x1b14 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:13:31.0216 0x1b14 fdPHost - ok
12:13:31.0232 0x1b14 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:13:31.0325 0x1b14 FDResPub - ok
12:13:31.0357 0x1b14 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:13:31.0403 0x1b14 FileInfo - ok
12:13:31.0419 0x1b14 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:13:31.0544 0x1b14 Filetrace - ok
12:13:31.0559 0x1b14 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:13:31.0606 0x1b14 flpydisk - ok
12:13:31.0637 0x1b14 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:13:31.0715 0x1b14 FltMgr - ok
12:13:31.0825 0x1b14 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
12:13:31.0965 0x1b14 FontCache - ok
12:13:32.0012 0x1b14 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:13:32.0043 0x1b14 FontCache3.0.0.0 - ok
12:13:32.0074 0x1b14 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:13:32.0105 0x1b14 FsDepends - ok
12:13:32.0137 0x1b14 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:13:32.0168 0x1b14 Fs_Rec - ok
12:13:32.0230 0x1b14 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:13:32.0293 0x1b14 fvevol - ok
12:13:32.0339 0x1b14 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:13:32.0386 0x1b14 gagp30kx - ok
12:13:32.0417 0x1b14 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:13:32.0449 0x1b14 GEARAspiWDM - ok
12:13:32.0527 0x1b14 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:13:32.0683 0x1b14 gpsvc - ok
12:13:32.0776 0x1b14 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:32.0807 0x1b14 gupdate - ok
12:13:32.0823 0x1b14 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:13:32.0854 0x1b14 gupdatem - ok
12:13:32.0885 0x1b14 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:13:32.0963 0x1b14 hcw85cir - ok
12:13:33.0010 0x1b14 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:13:33.0088 0x1b14 HdAudAddService - ok
12:13:33.0135 0x1b14 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:13:33.0197 0x1b14 HDAudBus - ok
12:13:33.0213 0x1b14 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:13:33.0244 0x1b14 HidBatt - ok
12:13:33.0275 0x1b14 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:13:33.0338 0x1b14 HidBth - ok
12:13:33.0353 0x1b14 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
12:13:33.0416 0x1b14 HidIr - ok
12:13:33.0431 0x1b14 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
12:13:33.0525 0x1b14 hidserv - ok
12:13:33.0572 0x1b14 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:13:33.0619 0x1b14 HidUsb - ok
12:13:33.0650 0x1b14 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:13:33.0743 0x1b14 hkmsvc - ok
12:13:33.0790 0x1b14 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:13:33.0853 0x1b14 HomeGroupListener - ok
12:13:33.0899 0x1b14 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:13:33.0946 0x1b14 HomeGroupProvider - ok
12:13:33.0977 0x1b14 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:13:34.0024 0x1b14 HpSAMD - ok
12:13:34.0087 0x1b14 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:13:34.0258 0x1b14 HTTP - ok
12:13:34.0274 0x1b14 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:13:34.0305 0x1b14 hwpolicy - ok
12:13:34.0383 0x1b14 [ E935C8099F9196BF19224D9EE4808612, 7F39ACF763E042EFB9B41C7D805CF7C9E1261B14FC6E5C09BCA11623312E2C7B ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
12:13:34.0414 0x1b14 HyperW7Svc - ok
12:13:34.0461 0x1b14 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:13:34.0508 0x1b14 i8042prt - ok
12:13:34.0570 0x1b14 [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor C:\Windows\system32\drivers\iaStor.sys
12:13:34.0648 0x1b14 iaStor - ok
12:13:34.0695 0x1b14 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:13:34.0773 0x1b14 iaStorV - ok
12:13:34.0804 0x1b14 [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:13:34.0851 0x1b14 IBMPMDRV - ok
12:13:34.0867 0x1b14 [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
12:13:34.0898 0x1b14 IBMPMSVC - ok
12:13:34.0976 0x1b14 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:13:35.0069 0x1b14 idsvc - ok
12:13:35.0101 0x1b14 IEEtwCollectorService - ok
12:13:35.0896 0x1b14 [ 66DC0CE2D1867B8178EAA0E11930DBD7, 8870CBBEDD81E0886E9021FB43A3B26486C2E8CD05A805028A136950B3FA809A ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:13:36.0910 0x1b14 igfx - ok
12:13:36.0973 0x1b14 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:13:37.0004 0x1b14 iirsp - ok
12:13:37.0113 0x1b14 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
12:13:37.0207 0x1b14 IKEEXT - ok
12:13:37.0253 0x1b14 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
12:13:37.0285 0x1b14 intelide - ok
12:13:37.0331 0x1b14 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:13:37.0378 0x1b14 intelppm - ok
12:13:37.0409 0x1b14 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:13:37.0503 0x1b14 IPBusEnum - ok
12:13:37.0519 0x1b14 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:13:37.0628 0x1b14 IpFilterDriver - ok
12:13:37.0721 0x1b14 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:13:37.0815 0x1b14 iphlpsvc - ok
12:13:37.0831 0x1b14 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:13:37.0893 0x1b14 IPMIDRV - ok
12:13:37.0940 0x1b14 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:13:38.0049 0x1b14 IPNAT - ok
12:13:38.0158 0x1b14 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:13:38.0221 0x1b14 iPod Service - ok
12:13:38.0252 0x1b14 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:13:38.0299 0x1b14 IRENUM - ok
12:13:38.0330 0x1b14 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:13:38.0361 0x1b14 isapnp - ok
12:13:38.0423 0x1b14 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:13:38.0486 0x1b14 iScsiPrt - ok
12:13:38.0564 0x1b14 [ 6C85719A21B3F62C2C76280F4BD36C7B, 471E333467937720EF9369419EEDE5C2246C976123B437E0AC66F394CF1C056A ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:13:38.0611 0x1b14 jhi_service - ok
12:13:38.0642 0x1b14 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:13:38.0673 0x1b14 kbdclass - ok
12:13:38.0704 0x1b14 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:13:38.0751 0x1b14 kbdhid - ok
12:13:38.0767 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
12:13:38.0798 0x1b14 KeyIso - ok
12:13:38.0829 0x1b14 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:13:38.0876 0x1b14 KSecDD - ok
12:13:38.0907 0x1b14 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:13:38.0969 0x1b14 KSecPkg - ok
12:13:38.0985 0x1b14 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:13:39.0094 0x1b14 ksthunk - ok
12:13:39.0172 0x1b14 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
12:13:39.0297 0x1b14 KtmRm - ok
12:13:39.0359 0x1b14 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:13:39.0469 0x1b14 LanmanServer - ok
12:13:39.0500 0x1b14 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:13:39.0593 0x1b14 LanmanWorkstation - ok
12:13:39.0640 0x1b14 [ 403F6798A847D9F98B650D27D0FA3FD3, D69314309E251C74D77CDEF1DED7A4E83788871FA723D0D74B9FE5BAA89F9998 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
12:13:39.0671 0x1b14 LENOVO.CAMMUTE - ok
12:13:39.0734 0x1b14 [ 7CFE36AF06E9C0984021796EDC8AC207, 5EA4CFA26D7FC39081C02FCE08BDDFD7FED144D16CC08201671543D4B7D8EA10 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
12:13:39.0765 0x1b14 LENOVO.MICMUTE - ok
12:13:39.0781 0x1b14 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
12:13:39.0812 0x1b14 lenovo.smi - ok
12:13:39.0859 0x1b14 [ 00F2E095C36199D8BF14A8E40CDBC2D0, A7E048E496056E7554F9BB2CA71374820821371F39D5BE22C88285D412E2FCBE ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
12:13:39.0874 0x1b14 LENOVO.TPKNRSVC - ok
12:13:39.0905 0x1b14 [ F7DE50781DC4D162C1005EB30D98F931, CDD07CD2E300DCD818CF97AC05CAFD2BA5568CEA10622D69E156CFC936DD4769 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
12:13:39.0937 0x1b14 Lenovo.VIRTSCRLSVC - ok
12:13:39.0983 0x1b14 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:13:40.0077 0x1b14 lltdio - ok
12:13:40.0124 0x1b14 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:13:40.0249 0x1b14 lltdsvc - ok
12:13:40.0280 0x1b14 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:13:40.0389 0x1b14 lmhosts - ok
12:13:40.0467 0x1b14 [ 97F9EAAC985A663394CD8F54DCD3E73A, D5BA3E7ED36BA361B1941F12D83568C30F7E49A8B9D54D3EBBBD05767E1F3B0A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:13:40.0514 0x1b14 LMS - ok
12:13:40.0545 0x1b14 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:13:40.0592 0x1b14 LSI_FC - ok
12:13:40.0623 0x1b14 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:13:40.0670 0x1b14 LSI_SAS - ok
12:13:40.0685 0x1b14 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:13:40.0732 0x1b14 LSI_SAS2 - ok
12:13:40.0748 0x1b14 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:13:40.0795 0x1b14 LSI_SCSI - ok
12:13:40.0826 0x1b14 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
12:13:40.0935 0x1b14 luafv - ok
12:13:40.0966 0x1b14 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
12:13:40.0997 0x1b14 megasas - ok
12:13:41.0044 0x1b14 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:13:41.0107 0x1b14 MegaSR - ok
12:13:41.0138 0x1b14 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:13:41.0169 0x1b14 MEIx64 - ok
12:13:41.0200 0x1b14 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
12:13:41.0294 0x1b14 MMCSS - ok
12:13:41.0309 0x1b14 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
12:13:41.0419 0x1b14 Modem - ok
12:13:41.0450 0x1b14 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:13:41.0497 0x1b14 monitor - ok
12:13:41.0543 0x1b14 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:13:41.0575 0x1b14 mouclass - ok
12:13:41.0606 0x1b14 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:13:41.0653 0x1b14 mouhid - ok
12:13:41.0684 0x1b14 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:13:41.0731 0x1b14 mountmgr - ok
12:13:41.0809 0x1b14 [ DFCD29AB147716CA72416FA7D2196D46, ED60BF354347697F69A78C9FBE1ADCBE0C3EB4C2CC8DB97A7FA03A68BD796066 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:13:41.0855 0x1b14 MozillaMaintenance - ok
12:13:41.0902 0x1b14 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:13:41.0980 0x1b14 MpFilter - ok
12:13:42.0011 0x1b14 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
12:13:42.0074 0x1b14 mpio - ok
12:13:42.0089 0x1b14 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:13:42.0199 0x1b14 mpsdrv - ok
12:13:42.0308 0x1b14 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:13:42.0464 0x1b14 MpsSvc - ok
12:13:42.0526 0x1b14 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:13:42.0589 0x1b14 MRxDAV - ok
12:13:42.0620 0x1b14 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:13:42.0682 0x1b14 mrxsmb - ok
12:13:42.0729 0x1b14 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:13:42.0807 0x1b14 mrxsmb10 - ok
12:13:42.0823 0x1b14 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:13:42.0869 0x1b14 mrxsmb20 - ok
12:13:42.0901 0x1b14 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
12:13:42.0947 0x1b14 msahci - ok
12:13:42.0979 0x1b14 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:13:43.0025 0x1b14 msdsm - ok
12:13:43.0057 0x1b14 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
12:13:43.0103 0x1b14 MSDTC - ok
12:13:43.0150 0x1b14 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:13:43.0244 0x1b14 Msfs - ok
12:13:43.0259 0x1b14 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:13:43.0353 0x1b14 mshidkmdf - ok
12:13:43.0369 0x1b14 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:13:43.0415 0x1b14 msisadrv - ok
12:13:43.0447 0x1b14 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:13:43.0556 0x1b14 MSiSCSI - ok
12:13:43.0571 0x1b14 msiserver - ok
12:13:43.0603 0x1b14 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:13:43.0712 0x1b14 MSKSSRV - ok
12:13:43.0790 0x1b14 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:13:43.0821 0x1b14 MsMpSvc - ok
12:13:43.0837 0x1b14 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:13:43.0946 0x1b14 MSPCLOCK - ok
12:13:43.0977 0x1b14 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:13:44.0071 0x1b14 MSPQM - ok
12:13:44.0117 0x1b14 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:13:44.0180 0x1b14 MsRPC - ok
12:13:44.0211 0x1b14 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:13:44.0227 0x1b14 mssmbios - ok
12:13:44.0258 0x1b14 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:13:44.0367 0x1b14 MSTEE - ok
12:13:44.0398 0x1b14 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:13:44.0429 0x1b14 MTConfig - ok
12:13:44.0461 0x1b14 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
12:13:44.0507 0x1b14 Mup - ok
12:13:44.0539 0x1b14 [ 74E1E62819D33F176821ADC9AFF8A3E7, 99E5C85E8A49ECBBBB5D9ABCA43BC7C756126F29A3B73E74D61F9644EF19FC8B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:13:44.0585 0x1b14 MyWiFiDHCPDNS - ok
12:13:44.0648 0x1b14 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
12:13:44.0773 0x1b14 napagent - ok
12:13:44.0819 0x1b14 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:13:44.0913 0x1b14 NativeWifiP - ok
12:13:45.0022 0x1b14 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
12:13:45.0116 0x1b14 NDIS - ok
12:13:45.0147 0x1b14 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:13:45.0256 0x1b14 NdisCap - ok
12:13:45.0287 0x1b14 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:13:45.0397 0x1b14 NdisTapi - ok
12:13:45.0428 0x1b14 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:13:45.0537 0x1b14 Ndisuio - ok
12:13:45.0568 0x1b14 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:13:45.0677 0x1b14 NdisWan - ok
12:13:45.0709 0x1b14 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:13:45.0833 0x1b14 NDProxy - ok
12:13:45.0849 0x1b14 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:13:45.0958 0x1b14 NetBIOS - ok
12:13:45.0989 0x1b14 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:13:46.0114 0x1b14 NetBT - ok
12:13:46.0130 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
12:13:46.0161 0x1b14 Netlogon - ok
12:13:46.0223 0x1b14 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
12:13:46.0348 0x1b14 Netman - ok
12:13:46.0395 0x1b14 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:46.0426 0x1b14 NetMsmqActivator - ok
12:13:46.0442 0x1b14 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:46.0473 0x1b14 NetPipeActivator - ok
12:13:46.0535 0x1b14 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
12:13:46.0660 0x1b14 netprofm - ok
12:13:46.0676 0x1b14 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:46.0723 0x1b14 NetTcpActivator - ok
12:13:46.0723 0x1b14 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:13:46.0769 0x1b14 NetTcpPortSharing - ok
12:13:47.0565 0x1b14 [ D39BFDCB570E9019831901AB1B8B4443, 6A8E3761F211AE3C36F8BFE8247AE068B039B2CF5AE36607E6629873B0E4FFE3 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
12:13:48.0548 0x1b14 NETwNs64 - ok
12:13:48.0595 0x1b14 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:13:48.0626 0x1b14 nfrd960 - ok
12:13:48.0673 0x1b14 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:13:48.0719 0x1b14 NisDrv - ok
12:13:48.0766 0x1b14 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
12:13:48.0829 0x1b14 NisSrv - ok
12:13:48.0860 0x1b14 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:13:48.0922 0x1b14 NlaSvc - ok
12:13:48.0938 0x1b14 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:13:49.0047 0x1b14 Npfs - ok
12:13:49.0063 0x1b14 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
12:13:49.0156 0x1b14 nsi - ok
12:13:49.0172 0x1b14 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:13:49.0281 0x1b14 nsiproxy - ok
12:13:49.0421 0x1b14 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:13:49.0593 0x1b14 Ntfs - ok
12:13:49.0609 0x1b14 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
12:13:49.0718 0x1b14 Null - ok
12:13:49.0749 0x1b14 [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:13:49.0811 0x1b14 nusb3hub - ok
12:13:49.0843 0x1b14 [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:13:49.0905 0x1b14 nusb3xhc - ok
12:13:49.0983 0x1b14 [ DC933C28D5A1595B042863F6A61ED86E, F71D9C24F9FF617ECC861419C077353D9464F17B3524582F4FA989951F51747F ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
12:13:50.0045 0x1b14 nvkflt - ok
12:13:50.0747 0x1b14 [ A51F78816F7F4B5862D9F6E0E0E588C4, 7634A83B60E7496651299690D766EA7AFF185437D3173D10D093ED71D2C13270 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:13:51.0403 0x1b14 nvlddmkm - ok
12:13:51.0465 0x1b14 [ 88EE7DDE10562A71D995C37F88220281, 4C53B770C153AAD6C1BB27F5D738E94DCB6E1D3CB81615BECE30401B44BAD9E8 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
12:13:51.0496 0x1b14 nvpciflt - ok
12:13:51.0527 0x1b14 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:13:51.0574 0x1b14 nvraid - ok
12:13:51.0621 0x1b14 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:13:51.0668 0x1b14 nvstor - ok
12:13:51.0777 0x1b14 [ 5DCB3AE42B3430EDAC80A42BB9BADEB6, FA57B03D10B6BB50D878F4720E30D3753622A711A6DF990FFA8875E409C4678A ] NVSvc C:\Windows\system32\nvvsvc.exe
12:13:51.0871 0x1b14 NVSvc - ok
12:13:51.0980 0x1b14 [ 44407283382D82C64C9195DE686D4205, 51BE011A0D4CB850B62B30324A9ED14EEC125F4B7AC46926014D9CCD2C10820D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:13:52.0105 0x1b14 nvUpdatusService - ok
12:13:52.0136 0x1b14 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:13:52.0183 0x1b14 nv_agp - ok
12:13:52.0214 0x1b14 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:13:52.0261 0x1b14 ohci1394 - ok
12:13:52.0307 0x1b14 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:13:52.0401 0x1b14 p2pimsvc - ok
12:13:52.0432 0x1b14 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
12:13:52.0510 0x1b14 p2psvc - ok
12:13:52.0541 0x1b14 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
12:13:52.0588 0x1b14 Parport - ok
12:13:52.0619 0x1b14 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:13:52.0666 0x1b14 partmgr - ok
12:13:52.0713 0x1b14 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:13:52.0775 0x1b14 PcaSvc - ok
12:13:52.0807 0x1b14 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
12:13:52.0869 0x1b14 pci - ok
12:13:52.0900 0x1b14 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
12:13:52.0947 0x1b14 pciide - ok
12:13:52.0963 0x1b14 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:13:53.0025 0x1b14 pcmcia - ok
12:13:53.0041 0x1b14 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
12:13:53.0087 0x1b14 pcw - ok
12:13:53.0150 0x1b14 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:13:53.0275 0x1b14 PEAUTH - ok
12:13:53.0384 0x1b14 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:13:53.0540 0x1b14 PeerDistSvc - ok
12:13:53.0649 0x1b14 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:13:53.0696 0x1b14 PerfHost - ok
12:13:53.0743 0x1b14 [ 52C9F4359AF4A25969B882AECC6F3BDA, 4776FD60E71FA96F67E79A8ECAE48A224790234308DC8DEBC7D389227C0728BE ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
12:13:53.0774 0x1b14 PHCORE - ok
12:13:53.0883 0x1b14 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
12:13:54.0086 0x1b14 pla - ok
12:13:54.0133 0x1b14 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:13:54.0226 0x1b14 PlugPlay - ok
12:13:54.0257 0x1b14 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:13:54.0304 0x1b14 PNRPAutoReg - ok
12:13:54.0335 0x1b14 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:13:54.0398 0x1b14 PNRPsvc - ok
12:13:54.0429 0x1b14 [ 520D48ECB54A33821C95EE496A4235AF, 3C7984E480F134E303E6AD03A3837515F3E03A4727F1AD184BD1D8C71D68FFEF ] Point64 C:\Windows\system32\DRIVERS\point64.sys
12:13:54.0476 0x1b14 Point64 - ok
12:13:54.0523 0x1b14 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:13:54.0647 0x1b14 PolicyAgent - ok
12:13:54.0694 0x1b14 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
12:13:54.0741 0x1b14 Power - ok
12:13:54.0788 0x1b14 [ 4CADD52E1669693937360C7ED680365B, 42AB4E08508743F26C7A90221E33F6346A1C2E4D0FAA703AF3B4C2674DD98D34 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
12:13:54.0819 0x1b14 Power Manager DBC Service - ok
12:13:54.0850 0x1b14 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:13:54.0959 0x1b14 PptpMiniport - ok
12:13:54.0975 0x1b14 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
12:13:55.0022 0x1b14 Processor - ok
12:13:55.0069 0x1b14 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
12:13:55.0115 0x1b14 ProfSvc - ok
12:13:55.0147 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:13:55.0178 0x1b14 ProtectedStorage - ok
12:13:55.0209 0x1b14 [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
12:13:55.0240 0x1b14 psadd - ok
12:13:55.0271 0x1b14 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:13:55.0381 0x1b14 Psched - ok
12:13:55.0412 0x1b14 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
12:13:55.0443 0x1b14 PSI - ok
12:13:55.0490 0x1b14 [ 71399B176DE1CAEFD5AD4287ABB9E8A3, 4FEFDBD66B8478FFBF759667C2A3FC7A5EB47D14AFBC05B8B2C870538C66FE72 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
12:13:55.0521 0x1b14 PwmEWSvc - ok
12:13:55.0661 0x1b14 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:13:55.0817 0x1b14 ql2300 - ok
12:13:55.0880 0x1b14 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:13:55.0942 0x1b14 ql40xx - ok
12:13:55.0973 0x1b14 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
12:13:56.0036 0x1b14 QWAVE - ok
12:13:56.0067 0x1b14 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:13:56.0129 0x1b14 QWAVEdrv - ok
12:13:56.0145 0x1b14 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:13:56.0254 0x1b14 RasAcd - ok
12:13:56.0285 0x1b14 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:13:56.0395 0x1b14 RasAgileVpn - ok
12:13:56.0426 0x1b14 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
12:13:56.0535 0x1b14 RasAuto - ok
12:13:56.0566 0x1b14 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:13:56.0675 0x1b14 Rasl2tp - ok
12:13:56.0707 0x1b14 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
12:13:56.0831 0x1b14 RasMan - ok
12:13:56.0863 0x1b14 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:13:56.0972 0x1b14 RasPppoe - ok
12:13:57.0003 0x1b14 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:13:57.0112 0x1b14 RasSstp - ok
12:13:57.0143 0x1b14 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:13:57.0284 0x1b14 rdbss - ok
12:13:57.0299 0x1b14 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:13:57.0346 0x1b14 rdpbus - ok
12:13:57.0362 0x1b14 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:13:57.0471 0x1b14 RDPCDD - ok
12:13:57.0502 0x1b14 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:13:57.0580 0x1b14 RDPDR - ok
12:13:57.0611 0x1b14 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:13:57.0705 0x1b14 RDPENCDD - ok
12:13:57.0721 0x1b14 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:13:57.0845 0x1b14 RDPREFMP - ok
12:13:57.0908 0x1b14 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:13:57.0955 0x1b14 RdpVideoMiniport - ok
12:13:58.0001 0x1b14 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:13:58.0079 0x1b14 RDPWD - ok
12:13:58.0126 0x1b14 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:13:58.0173 0x1b14 rdyboost - ok
12:13:58.0235 0x1b14 [ 5A118234A2251D6CFB8A11DFE7AC4B4A, C79AEAA4D35C10F3C0F5F75E525FE8FB839F43C5EA0D83AE2D5FAB8FEB8F6ECF ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:13:58.0267 0x1b14 RegSrvc - ok
12:13:58.0313 0x1b14 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:13:58.0423 0x1b14 RemoteAccess - ok
12:13:58.0454 0x1b14 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:13:58.0563 0x1b14 RemoteRegistry - ok
12:13:58.0610 0x1b14 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:13:58.0672 0x1b14 RFCOMM - ok
12:13:58.0703 0x1b14 [ 5A227511ED22DDFEDF7EF7323C8F7D2F, 5056DED32432E192268BE8214B6152A488807357D1BBB769171843E589BF4320 ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
12:13:58.0750 0x1b14 risdxc - ok
12:13:58.0781 0x1b14 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:13:58.0891 0x1b14 RpcEptMapper - ok
12:13:58.0922 0x1b14 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
12:13:58.0953 0x1b14 RpcLocator - ok
12:13:59.0000 0x1b14 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
12:13:59.0125 0x1b14 RpcSs - ok
12:13:59.0156 0x1b14 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:13:59.0281 0x1b14 rspndr - ok
12:13:59.0296 0x1b14 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:13:59.0343 0x1b14 s3cap - ok
12:13:59.0359 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
12:13:59.0390 0x1b14 SamSs - ok
12:13:59.0405 0x1b14 SAService - ok
12:13:59.0421 0x1b14 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:13:59.0468 0x1b14 sbp2port - ok
12:13:59.0499 0x1b14 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:13:59.0624 0x1b14 SCardSvr - ok
12:13:59.0655 0x1b14 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:13:59.0749 0x1b14 scfilter - ok
12:13:59.0842 0x1b14 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
12:14:00.0014 0x1b14 Schedule - ok
12:14:00.0045 0x1b14 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:14:00.0139 0x1b14 SCPolicySvc - ok
12:14:00.0185 0x1b14 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:14:00.0248 0x1b14 SDRSVC - ok
12:14:00.0279 0x1b14 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:14:00.0373 0x1b14 secdrv - ok
12:14:00.0404 0x1b14 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
12:14:00.0497 0x1b14 seclogon - ok
12:14:00.0700 0x1b14 [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
12:14:00.0809 0x1b14 Secunia PSI Agent - ok
12:14:00.0887 0x1b14 [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
12:14:00.0965 0x1b14 Secunia Update Agent - ok
12:14:00.0997 0x1b14 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
12:14:01.0090 0x1b14 SENS - ok
12:14:01.0121 0x1b14 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:14:01.0168 0x1b14 SensrSvc - ok
12:14:01.0199 0x1b14 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:14:01.0262 0x1b14 Serenum - ok
12:14:01.0293 0x1b14 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:14:01.0355 0x1b14 Serial - ok
12:14:01.0371 0x1b14 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:14:01.0418 0x1b14 sermouse - ok
12:14:01.0465 0x1b14 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
12:14:01.0574 0x1b14 SessionEnv - ok
12:14:01.0605 0x1b14 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:14:01.0652 0x1b14 sffdisk - ok
12:14:01.0667 0x1b14 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:14:01.0714 0x1b14 sffp_mmc - ok
12:14:01.0714 0x1b14 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:14:01.0761 0x1b14 sffp_sd - ok
12:14:01.0792 0x1b14 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:14:01.0839 0x1b14 sfloppy - ok
12:14:01.0901 0x1b14 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:14:02.0026 0x1b14 SharedAccess - ok
12:14:02.0089 0x1b14 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:14:02.0198 0x1b14 ShellHWDetection - ok
12:14:02.0245 0x1b14 [ E2FC046D4EDABFE3B5EF7DA06406277D, DB2B2A3BE6DC85F414D969E16E8E770BB7ADFA6E44B5FA6725B76D17978DF22A ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
12:14:02.0291 0x1b14 Shockprf - ok
12:14:02.0323 0x1b14 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:14:02.0369 0x1b14 SiSRaid2 - ok
12:14:02.0385 0x1b14 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:14:02.0432 0x1b14 SiSRaid4 - ok
12:14:02.0541 0x1b14 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:14:02.0588 0x1b14 SkypeUpdate - ok
12:14:02.0635 0x1b14 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:14:02.0744 0x1b14 Smb - ok
12:14:02.0775 0x1b14 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:14:02.0822 0x1b14 SNMPTRAP - ok
12:14:02.0853 0x1b14 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
12:14:02.0884 0x1b14 spldr - ok
12:14:02.0947 0x1b14 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
12:14:03.0025 0x1b14 Spooler - ok
12:14:03.0290 0x1b14 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
12:14:03.0680 0x1b14 sppsvc - ok
12:14:03.0711 0x1b14 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:14:03.0820 0x1b14 sppuinotify - ok
12:14:03.0883 0x1b14 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:14:03.0976 0x1b14 srv - ok
12:14:04.0023 0x1b14 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:14:04.0117 0x1b14 srv2 - ok
12:14:04.0148 0x1b14 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:14:04.0210 0x1b14 srvnet - ok
12:14:04.0241 0x1b14 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:14:04.0351 0x1b14 SSDPSRV - ok
12:14:04.0382 0x1b14 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:14:04.0475 0x1b14 SstpSvc - ok
12:14:04.0553 0x1b14 [ 845305743E0F7DB9B3A9AC1F49C635F1, 042B1667DF7A09F0845024C878D60272078BC4F1781D98A3C9E01653FE06BB03 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:14:04.0616 0x1b14 Stereo Service - ok
12:14:04.0647 0x1b14 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:14:04.0694 0x1b14 stexstor - ok
12:14:04.0756 0x1b14 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
12:14:04.0850 0x1b14 stisvc - ok
12:14:04.0881 0x1b14 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:14:04.0928 0x1b14 storflt - ok
12:14:04.0959 0x1b14 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
12:14:05.0006 0x1b14 StorSvc - ok
12:14:05.0053 0x1b14 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:14:05.0084 0x1b14 storvsc - ok
12:14:05.0177 0x1b14 [ B4351A27305C7C009B92C40102BC9161, 3955C9DAC488166E5B6DC1FD8110F1FA1A111A128DAEF89CD5835CB59A307ADA ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
12:14:05.0209 0x1b14 SUService - ok
12:14:05.0224 0x1b14 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:14:05.0271 0x1b14 swenum - ok
12:14:05.0380 0x1b14 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:14:05.0443 0x1b14 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
12:14:08.0141 0x1b14 Detect skipped due to KSN trusted
12:14:08.0141 0x1b14 SwitchBoard - ok
12:14:08.0219 0x1b14 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
12:14:08.0360 0x1b14 swprv - ok
12:14:08.0438 0x1b14 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:14:08.0516 0x1b14 SynTP - ok
12:14:08.0672 0x1b14 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
12:14:08.0906 0x1b14 SysMain - ok
12:14:08.0921 0x1b14 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:14:08.0999 0x1b14 TabletInputService - ok
12:14:09.0031 0x1b14 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
12:14:09.0156 0x1b14 TapiSrv - ok
12:14:09.0171 0x1b14 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
12:14:09.0280 0x1b14 TBS - ok
12:14:09.0421 0x1b14 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:14:09.0624 0x1b14 Tcpip - ok
12:14:09.0795 0x1b14 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:14:09.0951 0x1b14 TCPIP6 - ok
12:14:10.0060 0x1b14 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:14:10.0107 0x1b14 tcpipreg - ok
12:14:10.0185 0x1b14 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:14:10.0232 0x1b14 TDPIPE - ok
12:14:10.0263 0x1b14 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:14:10.0310 0x1b14 TDTCP - ok
12:14:10.0326 0x1b14 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:14:10.0450 0x1b14 tdx - ok
12:14:10.0466 0x1b14 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:14:10.0513 0x1b14 TermDD - ok
12:14:10.0575 0x1b14 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
12:14:10.0669 0x1b14 TermService - ok
12:14:10.0700 0x1b14 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
12:14:10.0762 0x1b14 Themes - ok
12:14:10.0794 0x1b14 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
12:14:10.0887 0x1b14 THREADORDER - ok
12:14:10.0918 0x1b14 [ 55B7FE3E1D3B616BDC4E9EA48D92D6E6, 6FB582C4BC0093A585942FB510B40C2222AF477A1D8DC22C3B3ACB3B83A9B31E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
12:14:10.0950 0x1b14 TPDIGIMN - ok
12:14:10.0981 0x1b14 [ F0684C62ED8FD3061CD488ECFC851022, 0F22F355C468512B25ED7BC3826146DCAA51BBC58EA59175EF911EFF91F3E363 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
12:14:11.0012 0x1b14 TPHDEXLGSVC - ok
12:14:11.0043 0x1b14 [ 8A1CAB578B61DD178A505B951229E6D7, ECA0E264F47638044DDE226A4C899299B651523AE91F44ECE496C0E3DC2F78A5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
12:14:11.0074 0x1b14 TPHKLOAD - ok
12:14:11.0090 0x1b14 [ 5B62F45C87CC0FB176C5358EEA6CFB4C, D3ED391278AE0F26BCF947057E63DD0CCA4FAD9D15C23D34E14A1F34571DAC77 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
12:14:11.0121 0x1b14 TPHKSVC - ok
12:14:11.0152 0x1b14 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
12:14:11.0215 0x1b14 TPM - ok
12:14:11.0230 0x1b14 [ 7165B5A9B4867F64A6D6935F57D4196B, 716BF044005E11A84D2B114E4DBCDA390C7842EBD4B6E8FA710D2D002BAE09DC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
12:14:11.0262 0x1b14 TPPWRIF - ok
12:14:11.0308 0x1b14 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
12:14:11.0418 0x1b14 TrkWks - ok
12:14:11.0464 0x1b14 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:14:11.0574 0x1b14 TrustedInstaller - ok
12:14:11.0620 0x1b14 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:11.0667 0x1b14 tssecsrv - ok
12:14:11.0698 0x1b14 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:14:11.0761 0x1b14 TsUsbFlt - ok
12:14:11.0792 0x1b14 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:14:11.0839 0x1b14 TsUsbGD - ok
12:14:11.0886 0x1b14 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:14:11.0995 0x1b14 tunnel - ok
12:14:12.0026 0x1b14 [ 4DAAE0413CD4E816258838E2FAFB3147, 7D45621A0148C2EEA4302A5852D9407DCEF1947936E9E840788F01625E869CDD ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
12:14:12.0057 0x1b14 TVTI2C - ok
12:14:12.0073 0x1b14 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:14:12.0120 0x1b14 uagp35 - ok
12:14:12.0166 0x1b14 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:14:12.0307 0x1b14 udfs - ok
12:14:12.0338 0x1b14 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:14:12.0369 0x1b14 UI0Detect - ok
12:14:12.0432 0x1b14 [ 6640110398438BDC6CC8D48EEC8EDDC5, FDEF9250468CE85F9AE4239A139BFED21EF133D3050012D4DEBCFDF9B07E6D15 ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys
12:14:12.0510 0x1b14 UimBus - ok
12:14:12.0572 0x1b14 [ 20BABEFA37F38B3CC26C0E9A26B844FF, F032E66092D585D43B65F5BF4D7DFEE7A3BE1B22E7C63E1CF3D74F0791E99918 ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys
12:14:12.0712 0x1b14 Uim_IM - ok
12:14:12.0759 0x1b14 [ 441E8BC5E68200038F0F1941A10C85F4, B93FB9DEC5365D526737A50C7958DB7441C515DF4AAACB6306998E18CF14F69B ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys
12:14:12.0868 0x1b14 Uim_VIM - ok
12:14:12.0915 0x1b14 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:14:12.0962 0x1b14 uliagpkx - ok
12:14:12.0993 0x1b14 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:14:13.0040 0x1b14 umbus - ok
12:14:13.0071 0x1b14 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
12:14:13.0102 0x1b14 UmPass - ok
12:14:13.0149 0x1b14 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
12:14:13.0196 0x1b14 UmRdpService - ok
12:14:13.0430 0x1b14 [ A69CD6BDB82872999D2E46F9324ADA83, 1F06D5B716D48E693A082C1FC49D80405F50D60C78FDF5829FF51F1CC11CF011 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:14:13.0648 0x1b14 UNS - ok
12:14:13.0711 0x1b14 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
12:14:13.0836 0x1b14 upnphost - ok
12:14:13.0898 0x1b14 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:14:13.0960 0x1b14 usbaudio - ok
12:14:14.0007 0x1b14 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:14.0085 0x1b14 usbccgp - ok
12:14:14.0116 0x1b14 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:14:14.0194 0x1b14 usbcir - ok
12:14:14.0226 0x1b14 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:14:14.0272 0x1b14 usbehci - ok
12:14:14.0319 0x1b14 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:14:14.0397 0x1b14 usbhub - ok
12:14:14.0428 0x1b14 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:14:14.0475 0x1b14 usbohci - ok
12:14:14.0506 0x1b14 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:14:14.0553 0x1b14 usbprint - ok
12:14:14.0584 0x1b14 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:14:14.0647 0x1b14 usbscan - ok
12:14:14.0678 0x1b14 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:14.0756 0x1b14 USBSTOR - ok
12:14:14.0787 0x1b14 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:14:14.0850 0x1b14 usbuhci - ok
12:14:14.0896 0x1b14 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:14:14.0959 0x1b14 usbvideo - ok
12:14:14.0990 0x1b14 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:14:15.0037 0x1b14 usb_rndisx - ok
12:14:15.0068 0x1b14 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
12:14:15.0162 0x1b14 UxSms - ok
12:14:15.0177 0x1b14 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
12:14:15.0224 0x1b14 VaultSvc - ok
12:14:15.0255 0x1b14 [ 58E2365E7FD880624F648C63C5D22009, 9E00C2EF3488B7477AFF75FA62F2B66FD54166C19DCA594216B23EB046335FF0 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:14:15.0318 0x1b14 VBoxNetAdp - ok
12:14:15.0333 0x1b14 VBoxNetFlt - ok
12:14:15.0364 0x1b14 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:14:15.0411 0x1b14 vdrvroot - ok
12:14:15.0458 0x1b14 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
12:14:15.0598 0x1b14 vds - ok
12:14:15.0630 0x1b14 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:15.0676 0x1b14 vga - ok
12:14:15.0692 0x1b14 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:14:15.0786 0x1b14 VgaSave - ok
12:14:15.0817 0x1b14 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:14:15.0879 0x1b14 vhdmp - ok
12:14:15.0926 0x1b14 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
12:14:15.0957 0x1b14 viaide - ok
12:14:15.0988 0x1b14 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:14:16.0051 0x1b14 vmbus - ok
12:14:16.0066 0x1b14 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:14:16.0113 0x1b14 VMBusHID - ok
12:14:16.0144 0x1b14 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:14:16.0191 0x1b14 volmgr - ok
12:14:16.0222 0x1b14 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:14:16.0300 0x1b14 volmgrx - ok
12:14:16.0332 0x1b14 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:14:16.0410 0x1b14 volsnap - ok
12:14:16.0441 0x1b14 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:14:16.0503 0x1b14 vsmraid - ok
12:14:16.0628 0x1b14 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
12:14:16.0846 0x1b14 VSS - ok
12:14:16.0862 0x1b14 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:14:16.0924 0x1b14 vwifibus - ok
12:14:16.0956 0x1b14 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:14:17.0018 0x1b14 vwififlt - ok
12:14:17.0049 0x1b14 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:14:17.0112 0x1b14 vwifimp - ok
12:14:17.0158 0x1b14 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
12:14:17.0283 0x1b14 W32Time - ok
12:14:17.0299 0x1b14 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:14:17.0361 0x1b14 WacomPen - ok
12:14:17.0392 0x1b14 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:14:17.0502 0x1b14 WANARP - ok
12:14:17.0517 0x1b14 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:14:17.0611 0x1b14 Wanarpv6 - ok
12:14:17.0814 0x1b14 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
12:14:17.0970 0x1b14 wbengine - ok
12:14:18.0016 0x1b14 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:14:18.0079 0x1b14 WbioSrvc - ok
12:14:18.0110 0x1b14 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:14:18.0188 0x1b14 wcncsvc - ok
12:14:18.0204 0x1b14 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:14:18.0266 0x1b14 WcsPlugInService - ok
12:14:18.0297 0x1b14 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
12:14:18.0328 0x1b14 Wd - ok
12:14:18.0422 0x1b14 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:14:18.0531 0x1b14 Wdf01000 - ok
12:14:18.0578 0x1b14 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:14:18.0672 0x1b14 WdiServiceHost - ok
12:14:18.0687 0x1b14 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:14:18.0734 0x1b14 WdiSystemHost - ok
12:14:18.0781 0x1b14 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
12:14:18.0828 0x1b14 WebClient - ok
12:14:18.0874 0x1b14 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:14:18.0984 0x1b14 Wecsvc - ok
12:14:19.0015 0x1b14 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:14:19.0124 0x1b14 wercplsupport - ok
12:14:19.0155 0x1b14 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
12:14:19.0249 0x1b14 WerSvc - ok
12:14:19.0296 0x1b14 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:19.0389 0x1b14 WfpLwf - ok
12:14:19.0405 0x1b14 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:14:19.0436 0x1b14 WIMMount - ok
12:14:19.0467 0x1b14 WinDefend - ok
12:14:19.0483 0x1b14 WinHttpAutoProxySvc - ok
12:14:19.0561 0x1b14 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:14:19.0670 0x1b14 Winmgmt - ok
12:14:19.0826 0x1b14 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
12:14:20.0044 0x1b14 WinRM - ok
12:14:20.0200 0x1b14 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:14:20.0263 0x1b14 WinUsb - ok
12:14:20.0356 0x1b14 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:14:20.0481 0x1b14 Wlansvc - ok
12:14:20.0512 0x1b14 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:14:20.0559 0x1b14 WmiAcpi - ok
12:14:20.0590 0x1b14 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:14:20.0653 0x1b14 wmiApSrv - ok
12:14:20.0684 0x1b14 WMPNetworkSvc - ok
12:14:20.0731 0x1b14 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:14:20.0762 0x1b14 WPCSvc - ok
12:14:20.0793 0x1b14 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:14:20.0856 0x1b14 WPDBusEnum - ok
12:14:20.0871 0x1b14 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:14:20.0980 0x1b14 ws2ifsl - ok
12:14:21.0043 0x1b14 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
12:14:21.0090 0x1b14 wscsvc - ok
12:14:21.0105 0x1b14 WSearch - ok
12:14:21.0308 0x1b14 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
12:14:21.0480 0x1b14 wuauserv - ok
12:14:21.0542 0x1b14 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:14:21.0589 0x1b14 WudfPf - ok
12:14:21.0636 0x1b14 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:21.0682 0x1b14 WUDFRd - ok
12:14:21.0729 0x1b14 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:14:21.0760 0x1b14 wudfsvc - ok
12:14:21.0807 0x1b14 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:14:21.0870 0x1b14 WwanSvc - ok
12:14:22.0150 0x1b14 [ A923222A8437E6C419AFC1A3BE32FF47, ED1132AE3548AC54D838F93B36A591F3EDB34A980409ED220077871DA5630E9A ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
12:14:22.0416 0x1b14 ZeroConfigService - ok
12:14:22.0494 0x1b14 ================ Scan global ===============================
12:14:22.0525 0x1b14 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:14:22.0556 0x1b14 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:14:22.0603 0x1b14 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:14:22.0634 0x1b14 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:14:22.0681 0x1b14 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:14:22.0712 0x1b14 [ Global ] - ok
12:14:22.0712 0x1b14 ================ Scan MBR ==================================
12:14:22.0712 0x1b14 [ B85B50C6A0D35AE5861C76696621A9FC ] \Device\Harddisk0\DR0
12:14:23.0289 0x1b14 \Device\Harddisk0\DR0 - ok
12:14:23.0289 0x1b14 ================ Scan VBR ==================================
12:14:23.0305 0x1b14 [ B319C3CA87AF16C9981175EC4D827B15 ] \Device\Harddisk0\DR0\Partition1
12:14:23.0305 0x1b14 \Device\Harddisk0\DR0\Partition1 - ok
12:14:23.0320 0x1b14 [ FF72A23B70F57AA11800F0C895D7A2CA ] \Device\Harddisk0\DR0\Partition2
12:14:23.0320 0x1b14 \Device\Harddisk0\DR0\Partition2 - ok
12:14:23.0336 0x1b14 [ 4D7B5619E5FD76B47F38E73BEC3D03B1 ] \Device\Harddisk0\DR0\Partition3
12:14:23.0352 0x1b14 \Device\Harddisk0\DR0\Partition3 - ok
12:14:23.0367 0x1b14 [ B85535610A46A83CEDE7E1449F4CEA38 ] \Device\Harddisk0\DR0\Partition4
12:14:23.0367 0x1b14 \Device\Harddisk0\DR0\Partition4 - ok
12:14:23.0383 0x1b14 ================ Scan generic autorun ======================
12:14:23.0414 0x1b14 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
12:14:23.0445 0x1b14 ForteConfig - ok
12:14:23.0492 0x1b14 [ 59684F3A784301D09ADF69E70DF979E8, 69B437914B91947FA2EF817FB83495EE86C065B886EA155A0CF354C7ED100DE1 ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe
12:14:23.0539 0x1b14 SmartAudio - ok
12:14:23.0570 0x1b14 [ 7EE88AA7B7F93CDA445921B6F8D9B89E, E8C40233E4EAE4660D481587E313A3542354FD4008B5165DB2393B0A87FC310D ] C:\Windows\system32\igfxtray.exe
12:14:23.0617 0x1b14 IgfxTray - ok
12:14:23.0648 0x1b14 [ 5D4069AEF369F011205CD71EACB5BBF7, 41769086CE903D4AA6572FB5DF6BCAE9647412E309537365AC31A89083B72FED ] C:\Windows\system32\hkcmd.exe
12:14:23.0710 0x1b14 HotKeysCmds - ok
12:14:23.0742 0x1b14 [ F0F898B89FD490AB77CC9D072B62004B, D0EAF4C0C993AA9ABB194AEADBBC09CF97FE3818ED22429CDBC60DF72423069A ] C:\Windows\system32\igfxpers.exe
12:14:23.0804 0x1b14 Persistence - ok
12:14:23.0820 0x1b14 [ 084F1404AE15651DF5F5246C2E3D5569, 52212D1CBDDE9B5C5210216094EEB0D7AF8B85CE7A61690023F24A43338AC0C0 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
12:14:23.0851 0x1b14 LENOVO.TPKNRRES - ok
12:14:23.0851 0x1b14 SynTPEnh - ok
12:14:23.0976 0x1b14 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
12:14:24.0116 0x1b14 MSC - ok
12:14:24.0210 0x1b14 [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
12:14:24.0272 0x1b14 AdobeAAMUpdater-1.0 - ok
12:14:24.0272 0x1b14 PWMTRV - ok
12:14:24.0366 0x1b14 [ 616954748C2F28D653C7BAE814CA51FD, D75E46D978E42C2E7041206B18591EDAF700AD27077AE4D1D76E2857A4A77BF8 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
12:14:24.0444 0x1b14 avgnt - ok
12:14:24.0444 0x1b14 Sidebar - ok
12:14:24.0475 0x1b14 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:14:24.0537 0x1b14 mctadmin - ok
12:14:24.0646 0x1b14 [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
12:14:24.0740 0x1b14 WinPatrol - ok
12:14:24.0880 0x1b14 [ 14F40DD115B9B55E34479D93F3C8EB5E, 724911F8BC2089078C66C1F0B45981780981DD3292D95A38F6D5F1ECDBEA7BC7 ] C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
12:14:24.0990 0x1b14 FileHippo.com - detected UnsignedFile.Multi.Generic ( 1 )
12:14:27.0579 0x1b14 Detect skipped due to KSN trusted
12:14:27.0579 0x1b14 FileHippo.com - ok
12:14:27.0657 0x1b14 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
12:14:27.0704 0x1b14 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
12:14:30.0262 0x1b14 Detect skipped due to KSN trusted
12:14:30.0262 0x1b14 QuickTime Task - ok
12:14:30.0684 0x1b14 [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\username\AppData\Local\Akamai\netsession_win.exe
12:14:33.0726 0x1b14 Akamai NetSession Interface - ok
12:14:33.0788 0x1b14 [ 7605271997CAB7E91549F343A83E622D, 9CA1933FBBC9CC9D2656AA69C933413DDBAAF43220B5C1E69F4C9F65296C5B42 ] C:\Users\username\AppData\Local\Citrix\ICA Client\concentr.exe
12:14:33.0819 0x1b14 ConnectionCenter - ok
12:14:33.0897 0x1b14 [ DA5FBAA5D62B4FD393947DE5EE8715BE, BA3FDF00AFCF2859585FB9D934E67D31CC7960C093A09F73F8F6AEFE86E9528E ] C:\Users\username\AppData\Local\FluxSoftware\Flux\flux.exe
12:14:34.0334 0x1b14 F.lux - ok
12:14:34.0396 0x1b14 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
12:14:34.0428 0x1b14 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
12:14:34.0428 0x1b14 Detect skipped due to KSN trusted
12:14:34.0428 0x1b14 QuickTime Task - ok
12:14:34.0443 0x1b14 Waiting for KSN requests completion. In queue: 3
12:14:35.0457 0x1b14 Waiting for KSN requests completion. In queue: 3
12:14:36.0471 0x1b14 Waiting for KSN requests completion. In queue: 3
12:14:37.0672 0x1b14 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.310 ), 0x41000 ( enabled : updated )
12:14:37.0672 0x1b14 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
12:14:37.0688 0x1b14 Win FW state via NFP2: enabled
12:14:40.0215 0x1b14 ============================================================
12:14:40.0215 0x1b14 Scan finished
12:14:40.0215 0x1b14 ============================================================
12:14:40.0231 0x051c Detected object count: 0
12:14:40.0231 0x051c Actual detected object count: 0
|
|
21.11.2014, 13:55
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen3 und Rechner langsam Adware/Junkware/Toolbars entfernen (alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.11.2014, 11:00
| #5 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam Sorry, hat etwas länger gedauert. AdwCleaner.txt: Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 21/11/2014 um 15:47:24
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : username - username-THINK
# Gestartet von : C:\Users\username\Desktop\AdwCleaner_4.101.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v33.1.1 (x86 de)
[upm9xjxr.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar_SGT2-V7@apn.ask.com.install-event-fired", true);
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [1208 octets] - [01/06/2014 14:19:32]
AdwCleaner[R1].txt - [1190 octets] - [21/11/2014 15:42:50]
AdwCleaner[S0].txt - [1269 octets] - [01/06/2014 14:32:23]
AdwCleaner[S1].txt - [1117 octets] - [21/11/2014 15:47:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1177 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x64
Ran by username on 21.11.2014 at 15:52:08,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\username\AppData\Roaming\mozilla\firefox\profiles\upm9xjxr.default\minidumps [40 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.11.2014 at 16:00:13,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by username (administrator) on username-THINK on 23-11-2014 10:50:38
Running from C:\Users\username\Desktop
Loaded Profile: username (Available profiles: UpdatusUser & username & username)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///H:/Mydlink/activeX/DCP.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///H:/Mydlink/activeX/aplugLiteDL.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1502850821-2927420759-2148834354-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: Default Full Zoom Level - C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-11-20]
FF Extension: Firebug - C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\firebug@software.joehewitt.com.xpi [2012-05-06]
FF Extension: NoScript - C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-08-22]
FF Extension: MeasureIt - C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-07-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
Chrome:
=======
CHR Profile: C:\Users\username\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2012-02-27] (Lenovo.)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S2 bckd; system32\drivers\bckd.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 10:01 - 2014-11-23 10:01 - 00000022 _____ () C:\Windows\S.dirmngr
2014-11-21 16:00 - 2014-11-21 16:00 - 00000755 _____ () C:\Users\username\Desktop\JRT.txt
2014-11-21 15:50 - 2014-11-21 15:51 - 01707532 _____ (Thisisu) C:\Users\username\Desktop\JRT.exe
2014-11-21 15:49 - 2014-11-21 15:49 - 00001273 _____ () C:\Users\username\Desktop\AdwCleaner[S1].txt
2014-11-21 15:42 - 2014-11-21 15:42 - 02140160 _____ () C:\Users\username\Desktop\AdwCleaner_4.101.exe
2014-11-21 12:11 - 2014-11-21 12:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\username\Desktop\tdsskiller.exe
2014-11-21 11:12 - 2014-11-21 11:18 - 00019524 _____ () C:\Users\username\Desktop\gmer.log
2014-11-21 10:56 - 2014-11-21 10:56 - 00266288 _____ () C:\Windows\Minidump\112114-15475-01.dmp
2014-11-21 10:46 - 2014-11-21 10:46 - 00000834 _____ () C:\Users\username\Desktop\Avira.txt
2014-11-21 10:39 - 2014-11-21 10:39 - 00380416 _____ () C:\Users\username\Desktop\Gmer-19357.exe
2014-11-21 10:18 - 2014-11-23 10:51 - 00020167 _____ () C:\Users\username\Desktop\FRST.txt
2014-11-21 10:17 - 2014-11-23 10:46 - 02118144 _____ (Farbar) C:\Users\username\Desktop\FRST64.exe
2014-11-21 10:00 - 2014-11-21 10:00 - 00000470 _____ () C:\Users\username\Desktop\defogger_disable.log
2014-11-21 09:59 - 2014-11-21 09:59 - 00050477 _____ () C:\Users\username\Desktop\Defogger.exe
2014-11-20 10:18 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 10:18 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 10:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 10:35 - 2014-11-22 14:58 - 00000000 ____D () C:\Users\username\AppData\Roaming\Skype
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00002517 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-11-17 10:35 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-17 10:35 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\username\AppData\Local\Skype
2014-11-17 10:34 - 2014-11-19 14:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-17 10:34 - 2014-11-17 10:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-16 11:09 - 2014-11-17 21:22 - 00000713 _____ () C:\Users\username\Desktop\Strategies.txt
2014-11-12 14:44 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 14:44 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 14:44 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 14:44 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 14:44 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 14:44 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 14:44 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 14:44 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 14:44 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 14:44 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 14:44 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 14:44 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 14:44 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 14:44 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 14:44 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 14:44 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 14:44 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 14:44 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 14:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 14:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 14:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 14:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 14:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 14:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 14:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 14:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 14:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 14:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 14:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 14:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 14:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 14:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 14:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 14:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 14:43 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:43 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 14:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 14:42 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 14:42 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 14:42 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:42 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:42 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:42 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 14:42 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 14:42 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 14:42 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 14:42 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 14:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 14:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 14:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 14:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 14:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 14:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 14:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 14:40 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 14:40 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-10 10:30 - 2014-11-10 10:30 - 06126536 _____ (Tim Kosse) C:\Users\username\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-09 11:41 - 2014-11-09 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-09 11:40 - 2014-11-09 11:41 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-09 11:37 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files\iTunes
2014-11-09 11:36 - 2014-11-09 11:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-09 11:36 - 2014-11-09 11:36 - 00000000 ____D () C:\Program Files\iPod
2014-11-09 11:29 - 2014-11-09 11:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-09 11:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-09 11:29 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 19:09 - 2014-11-21 09:50 - 00000335 _____ () C:\Users\username\Desktop\Todo.txt
2014-10-24 14:13 - 2014-11-20 09:40 - 00000033 _____ () C:\Users\username\Desktop\Aloha Dharma.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 10:50 - 2014-06-01 13:02 - 00000000 ____D () C:\FRST
2014-11-23 10:40 - 2014-10-17 19:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 10:40 - 2014-06-27 12:19 - 00000000 ____D () C:\Users\username\AppData\Local\Adobe
2014-11-23 10:37 - 2014-03-11 17:24 - 00046886 _____ () C:\Windows\setupact.log
2014-11-23 10:26 - 2014-08-23 07:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 10:22 - 2012-08-17 13:03 - 00001456 _____ () C:\Users\username\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-11-23 10:19 - 2014-10-17 19:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 10:10 - 2012-07-20 10:31 - 00000000 ____D () C:\Users\username\AppData\Local\Adobe
2014-11-23 10:09 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 10:09 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 10:07 - 2012-03-30 13:23 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 10:07 - 2012-03-30 13:23 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 10:07 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 10:06 - 2012-03-30 03:40 - 01107500 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 10:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 15:48 - 2010-11-21 04:47 - 01111782 _____ () C:\Windows\PFRO.log
2014-11-21 15:47 - 2014-06-01 14:19 - 00000000 ____D () C:\AdwCleaner
2014-11-21 11:41 - 2014-03-31 13:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-11-21 11:41 - 2012-05-06 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-11-21 10:56 - 2014-06-01 13:55 - 00000000 ____D () C:\Windows\Minidump
2014-11-20 10:32 - 2013-08-01 17:33 - 00000000 ____D () C:\Users\username\AppData\Roaming\vlc
2014-11-20 10:22 - 2014-10-19 18:46 - 00000100 _____ () C:\Users\username\Desktop\Baumarkt.txt
2014-11-20 10:09 - 2014-08-23 07:31 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-20 10:09 - 2012-04-15 07:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 10:09 - 2012-04-15 07:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 10:02 - 2012-07-23 12:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-20 10:01 - 2012-05-06 10:49 - 00000000 ____D () C:\Users\username\AppData\Roaming\FileZilla
2014-11-18 17:05 - 2014-09-03 15:14 - 00000285 _____ () C:\Users\username\Desktop\Wohnung Todo.txt
2014-11-16 10:27 - 2012-05-06 07:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-15 19:52 - 2013-11-17 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-14 09:18 - 2012-07-23 07:14 - 00000000 ____D () C:\Users\username\AppData\Local\Akamai
2014-11-13 15:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 19:13 - 2012-10-01 09:53 - 00000000 ____D () C:\Users\username\AppData\Roaming\FileZilla
2014-11-12 18:35 - 2009-07-14 05:45 - 04969680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:14 - 2014-10-17 19:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 15:14 - 2014-10-17 19:08 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 14:53 - 2013-07-11 07:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 14:46 - 2012-04-14 16:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 09:55 - 2012-08-15 07:02 - 00000000 ____D () C:\Users\username\AppData\Local\Lenovo
2014-11-09 12:47 - 2014-02-14 08:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-09 12:44 - 2014-02-14 08:10 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-11-09 11:36 - 2014-09-15 08:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-09 11:36 - 2013-09-27 09:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\Users\username\AppData\Roaming\Malwarebytes
2014-11-09 11:29 - 2012-07-16 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 11:18 - 2012-04-14 07:03 - 00086336 _____ () C:\Users\username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 17:28 - 2012-04-14 19:40 - 00086336 _____ () C:\Users\username\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 15:44 - 2013-09-06 09:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:44 - 2012-10-19 11:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 19:04 - 2012-04-14 19:40 - 00000000 ____D () C:\Users\username
Some content of TEMP:
====================
C:\Users\username\AppData\Local\Temp\avgnt.exe
C:\Users\username\AppData\Local\Temp\avgnt.exe
C:\Users\username\AppData\Local\Temp\Quarantine.exe
C:\Users\username\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 11:54
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014 01
Ran by username at 2014-11-23 10:51:41
Running from C:\Users\username\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998929134.48.56.6499218 - Audible, Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Deutsch (DE) + Pali (HKLM\...\{4CD3A532-B3F8-41D3-B91D-A9B6A53BE0E6}) (Version: 1.0.3.40 - Frank Snow)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Forex Tester 2.8.10 (HKLM-x32\...\{F5EC7F6B-B68B-433C-AA20-54EDFE76191D}_is1) (Version: - Forex Tester Software)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gpg4win (2.2.2) (HKLM-x32\...\GPG4Win) (Version: 2.2.2 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Logitech Media Server 7.7.2 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.2 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
OpenOffice 4.0.1 Language Pack (German) (HKLM-x32\...\{0C55CCF1-29E2-4481-A31F-1FDF19E038F2}) (Version: 4.01.9714 - Apache Software Foundation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice Beta 4.1.0 (HKLM-x32\...\{E0284E69-DDCE-4AB0-9A6B-22DC9CB8D7DB}) (Version: 4.10.9760 - Apache Software Foundation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.67 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
==================== Restore Points =========================
10-11-2014 13:20:24 Windows Update
12-11-2014 13:44:21 Windows Update
12-11-2014 17:44:08 Windows Update
16-11-2014 09:39:43 Windows Update
19-11-2014 20:12:59 Windows Update
20-11-2014 09:18:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-02-02 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03C8D2F7-C5F5-4207-8235-3D9C5A7028A2} - System32\Tasks\AdobeAAMUpdater-1.0-username-THINK-username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6
Task: {0EFF2205-FC92-44C3-9847-11F40B84514D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {1949FBA0-C3CD-4D95-8CF4-D8C1EC416BE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1BF94E8A-9370-4315-AFAE-C59B52FBA257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {2A5074E8-5ACC-4D7C-B8E2-2B7689FB6C3A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19
Task: {3B6F8732-8E3E-481A-B032-D48CCB0ABCA7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3EA94329-78C3-4A77-80AB-3269078D89FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware!
Task: {61294AAE-7DAC-42BD-9822-5DE8BD747EE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-02-27] (Lenovo Group Limited)
Task: {66736ADD-A74A-447E-B881-2B7FE342DDAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00
Task: {76E282E5-6E12-4B64-8961-BEF23A694991} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8594D661-1412-43A1-A9D5-0614214D5250} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5
Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4
Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3
Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16
Task: {B8D51834-255C-4F7F-A4B0-E0B06BF29BAB} - System32\Tasks\AdobeAAMUpdater-1.0-username-THINK-username => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {BBB9866A-4406-48CE-B73C-56A803CA3F21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {C760EC6E-D7A4-4102-8410-CAC7AD31BB11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1
Task: {CE893D65-78EE-4A76-B74F-22666E11AA10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2
Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17
Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18
Task: {FB7DC5DC-1E7F-4A05-BFD7-F51EF09F2B08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-03 12:07 - 2014-09-03 12:07 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-03-30 03:50 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-03-30 03:54 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 09:08 - 2014-10-03 09:08 - 01435136 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2012-03-30 03:57 - 2012-02-27 19:07 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-09-03 11:48 - 2014-09-03 11:48 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-09-03 11:41 - 2014-09-03 11:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-09-03 11:53 - 2014-09-03 11:53 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-09-03 11:56 - 2014-09-03 11:56 - 00742400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-11-17 08:40 - 2014-11-15 19:52 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-20 10:07 - 2014-11-20 10:07 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\Windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^username^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk.Startup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1502850821-2927420759-2148834354-500 - Administrator - Disabled)
Gast (S-1-5-21-1502850821-2927420759-2148834354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502850821-2927420759-2148834354-1003 - Limited - Enabled)
username (S-1-5-21-1502850821-2927420759-2148834354-1004 - Limited - Enabled) => C:\Users\username
username (S-1-5-21-1502850821-2927420759-2148834354-1001 - Administrator - Enabled) => C:\Users\username
UpdatusUser (S-1-5-21-1502850821-2927420759-2148834354-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: bckd
Description: bckd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bckd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2014 10:01:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 08:47:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 03:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 01:28:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 10:47:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 09:33:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 05:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/23/2014 10:01:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/22/2014 08:46:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/22/2014 03:24:14 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/22/2014 03:23:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/22/2014 01:28:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/22/2014 10:47:20 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/22/2014 10:47:16 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (11/22/2014 10:46:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/21/2014 09:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/21/2014 05:55:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (11/23/2014 10:01:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 08:47:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 03:23:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 01:28:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/22/2014 10:47:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 09:33:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2014 05:55:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-02-02 08:17:34.626
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.423
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.236
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-02-02 08:17:34.064
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.912
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-16 15:05:01.874
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8075.23 MB
Available physical RAM: 5877.25 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13758.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:100 GB) (Free:18.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (data) (Fixed) (Total:348.67 GB) (Free:316.23 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B2FF4958)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.11.2014, 18:47
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen3 und Rechner langsam Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter cmd: dir /s C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
cmd: dir /s C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
EmptyTemp:
Hosts:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ --> HTML/Infected.WebPage.Gen3 und Rechner langsam |
|
24.11.2014, 14:20
| #7 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam Hier die Fixlog.txt. Während der Ausführung hat sich Avira gemeledet und den Zugriff auf die Hostdatei blockiert. Habe es dann währenddessen deaktiviert. Hoffe, dass alles geklappt hat. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by username at 2014-11-24 14:14:07 Run:1
Running from C:\Users\username\Desktop
Loaded Profile: username (Available profiles: UpdatusUser & username & username)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
cmd: dir /s C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
cmd: dir /s C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
EmptyTemp:
Hosts:
*****************
========= dir /s C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 =========
Datentr�ger in Laufwerk C: ist Windows7_OS
Volumeseriennummer: 3E82-32EF
Verzeichnis von C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
09.11.2014 11:37 <DIR> .
09.11.2014 11:37 <DIR> ..
08.10.2012 16:19 1.977.816 GEARDIFx.exe
09.11.2014 11:37 <DIR> x64
1 Datei(en), 1.977.816 Bytes
Verzeichnis von C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64
09.11.2014 11:37 <DIR> .
09.11.2014 11:37 <DIR> ..
03.10.2012 16:14 519.048 DIFxAPI.dll
08.10.2012 16:19 131.544 DifXInst64.exe
09.11.2014 11:37 4.842 DIFxInstallLog.txt
03.10.2012 16:14 106.928 GEARAspi.dll
03.10.2012 16:14 125.872 GEARAspi64.dll
03.10.2012 16:14 2.561 GEARAspiWDM.inf
03.10.2012 16:14 7.638 gearaspiwdmx64.cat
09.11.2014 11:37 <DIR> x64
7 Datei(en), 898.433 Bytes
Verzeichnis von C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64
09.11.2014 11:37 <DIR> .
09.11.2014 11:37 <DIR> ..
03.10.2012 16:14 33.240 GEARAspiWDM.sys
1 Datei(en), 33.240 Bytes
Anzahl der angezeigten Dateien:
9 Datei(en), 2.909.489 Bytes
8 Verzeichnis(se), 20.615.745.536 Bytes frei
========= End of CMD: =========
========= dir /s C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 =========
Datentr�ger in Laufwerk C: ist Windows7_OS
Volumeseriennummer: 3E82-32EF
Verzeichnis von C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
09.11.2014 11:36 <DIR> .
09.11.2014 11:36 <DIR> ..
09.11.2014 11:36 <DIR> x64
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64
09.11.2014 11:36 <DIR> .
09.11.2014 11:36 <DIR> ..
09.11.2014 11:34 5.862 DIFxInstallLog.txt
1 Datei(en), 5.862 Bytes
Anzahl der angezeigten Dateien:
1 Datei(en), 5.862 Bytes
5 Verzeichnis(se), 20.615.737.344 Bytes frei
========= End of CMD: =========
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 292.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
|
|
24.11.2014, 14:26
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen3 und Rechner langsam Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.11.2014, 12:03
| #9 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam So'n Mist, hab ESET durchlaufen lassen und wollte die Logdatei auf den Desktop kopieren. Dachte fälschlicherweise, ich hätte das gemacht und habe ESET deinstalliert. Logfile ist jetzt auch gelöscht. Ich kann aber mit Sicherheit sagen, dass das Programm nichts Bösartiges auf meinem Rechner gefunden hat. Solltest Du das ESET-Log dennoch benötigen, dann lasse ich den Scanner aber gern nochmal laufen. Hier die mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.11.2014 Suchlauf-Zeit: 08:47:36 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.25.03 Rootkit Datenbank: v2014.11.22.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: username Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 427627 Verstrichene Zeit: 31 Min, 20 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
|
25.11.2014, 12:04
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen3 und Rechner langsam Was hat ESET denn so gefunden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.11.2014, 12:19
| #11 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam Hm, die genaue Anzeige weiß ich nicht mehr. Ich weiß nur noch, dass da stand, dass keine bösartige Software irgendwelcher Art gefunden wurde. Soll ich es nochmal laufen lassen? |
|
25.11.2014, 12:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HTML/Infected.WebPage.Gen3 und Rechner langsam ja, das Log bräuchte ich schon
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.11.2014, 13:05
| #13 |
| | HTML/Infected.WebPage.Gen3 und Rechner langsam Ok, dann lasse ich es gleich nochmal durchlaufen. |
|
| Themen zu HTML/Infected.WebPage.Gen3 und Rechner langsam |
| antivir, avira, bildschirm, browser, combofix, dvdvideosoft ltd., failed, feedback, fehlercode 0xc0000005, fehlercode 24, festplatte, flash player, gmer.log, html/infected.webpage.gen3, iexplore.exe, malware, mozilla, officejet, panda usb vaccine, programm, pwmtr64v.dll, registry, security, software, svchost.exe, teredo, this device cannot start. (code10), virus, windows |
Hybrid-Darstellung
