Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.03.2015, 18:25   #1
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Hallo liebe Trojaner-Board Community!

Gestern erhielt ich ein E-Mail, in dem stand, dass sich jemand Zugriff zu meinem Yahoo Konto verschafft hat und zwar aus den U.S.A.
Daraufhin änderte ich sofort mein Passwort, da ich aber nicht zuhause war, machte ich keinen Virenscan.

Am nächsten Tag erhielt ich eine weitere E-Mail, dass sich jemand Zugriff auf meinen Twitch Account verschaffen wollte und wurde aufgefordert beim nächsten Login mein Passwort zu ändern.

Das Passwort zu meinem Online Banking habe ich geändert, bisher wurde noch nichts abgebucht, kann da noch etwas passieren?

Da ich in meinen 10 Lebensjahren noch nie gröbere Schwierigkeiten mit Viren o.Ä. (auf meinen Geräten) hatte, kam mir das alles sehr komisch vor.

Heute früh ließ ich Avira auf alles scannen, was möglich ist.

Als ich vor 20 Minuten nach Hause kam, waren da folgende Ergebnisse.

Funde: 1
Warnungen: 2 (was bedeuten diese Warnungen?)

Der Fund ist folgendes File: EXP/Java.Ternewb.Gen

Außerdem steht im Reiter "Fehler", dass C:\Swapfile.sys nicht geöffnet werden konnte.

Die Suchmaschine spuckt für mich nichts aus, was ich verstehen kann, bzw. was diesen Virus näher beschreibt.

Allerdings habe ich einen Thread gefunden, wo ein nahmensänlicher (Ternub) File genannt wurde.
Dort wurde Vorgeschlagen, den Rechner neu aufzusetzen.

Das Gerät um das es sich handelt, ist ein Lenovo ideapad u330p. (Bei Cyberport bestellt)
Knappe 4 Monate alt.
Fertiggerät mit Windows 8 , keine Software CD Vorhanden.

Installiert habe ich bis jetzt nicht viel.
Open Office
Osbuddy (ein Client mit dem man ein MMO namens Runescape spielen kann, bei dem viele sagen, dass fälschlicherweise Viren erkannt werden)
Steam
Mozilla Firefox
Avira (Edit: Die Gratis Version)
Spybot Search & Destroy

Bitte um Hilfe und Infos!

LG
M

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 24. März 2015  10:46


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : DONQUIXOTE_D

Versionsinformationen:
BUILD.DAT      : 15.0.8.656     91858 Bytes  17.03.2015 13:02:00
AVSCAN.EXE     : 15.0.8.652   1014064 Bytes  22.03.2015 00:37:24
AVSCANRC.DLL   : 15.0.8.652     63792 Bytes  22.03.2015 00:37:24
LUKE.DLL       : 15.0.8.652     60664 Bytes  22.03.2015 00:37:41
AVSCPLR.DLL    : 15.0.8.652     93488 Bytes  22.03.2015 00:37:24
REPAIR.DLL     : 15.0.8.652    365360 Bytes  22.03.2015 00:37:23
REPAIR.RDF     : 1.0.6.78      822387 Bytes  23.03.2015 21:50:12
AVREG.DLL      : 15.0.8.652    265464 Bytes  22.03.2015 00:37:22
AVLODE.DLL     : 15.0.8.656    645368 Bytes  22.03.2015 00:37:21
AVLODE.RDF     : 14.0.4.54      78895 Bytes  05.12.2014 19:34:50
XBV00017.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00018.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00019.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00020.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00021.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00022.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00023.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00024.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00025.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00026.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00027.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 13:02:30
XBV00220.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00221.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00222.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00223.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00224.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00225.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00226.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00227.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00228.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00229.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00230.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00231.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00232.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00233.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00234.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00235.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00236.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00237.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00238.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00239.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00240.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00241.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00242.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00243.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00244.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00245.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:12
XBV00246.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00247.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00248.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00249.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00250.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00251.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00252.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00253.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00254.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00255.VDF   : 8.11.213.176     2048 Bytes  05.03.2015 20:41:13
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:02:30
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 13:02:30
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 13:02:30
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:02:30
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:02:30
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 13:02:30
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 13:02:30
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 13:02:30
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 13:02:30
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 13:02:30
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 13:02:30
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 17:12:11
XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 16:28:24
XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 02:34:18
XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 23:24:54
XBV00015.VDF   : 8.11.213.84  3175936 Bytes  03.03.2015 17:31:19
XBV00016.VDF   : 8.11.213.176   212480 Bytes  05.03.2015 20:41:07
XBV00042.VDF   : 8.11.213.202     3584 Bytes  05.03.2015 20:41:07
XBV00043.VDF   : 8.11.213.204     2048 Bytes  05.03.2015 20:41:07
XBV00044.VDF   : 8.11.213.230    40960 Bytes  05.03.2015 20:41:07
XBV00045.VDF   : 8.11.214.2     29184 Bytes  05.03.2015 20:41:07
XBV00046.VDF   : 8.11.214.28    25088 Bytes  05.03.2015 10:33:14
XBV00047.VDF   : 8.11.214.30    14848 Bytes  05.03.2015 10:33:14
XBV00048.VDF   : 8.11.214.32     3072 Bytes  05.03.2015 10:33:15
XBV00049.VDF   : 8.11.214.34     2048 Bytes  06.03.2015 10:33:15
XBV00050.VDF   : 8.11.214.38    39424 Bytes  06.03.2015 10:33:15
XBV00051.VDF   : 8.11.214.40     6656 Bytes  06.03.2015 10:33:15
XBV00052.VDF   : 8.11.214.42     4608 Bytes  06.03.2015 10:33:15
XBV00053.VDF   : 8.11.214.44     5120 Bytes  06.03.2015 10:33:15
XBV00054.VDF   : 8.11.214.46    23552 Bytes  06.03.2015 17:18:57
XBV00055.VDF   : 8.11.214.48     3072 Bytes  06.03.2015 17:18:57
XBV00056.VDF   : 8.11.214.50    25600 Bytes  06.03.2015 17:18:57
XBV00057.VDF   : 8.11.214.72     2048 Bytes  06.03.2015 17:18:57
XBV00058.VDF   : 8.11.214.92    48128 Bytes  06.03.2015 17:18:57
XBV00059.VDF   : 8.11.214.112    12800 Bytes  06.03.2015 15:31:48
XBV00060.VDF   : 8.11.214.114     2560 Bytes  06.03.2015 15:31:48
XBV00061.VDF   : 8.11.214.136    32256 Bytes  06.03.2015 15:31:49
XBV00062.VDF   : 8.11.214.138     2048 Bytes  06.03.2015 15:31:49
XBV00063.VDF   : 8.11.214.140     2048 Bytes  07.03.2015 15:31:49
XBV00064.VDF   : 8.11.214.144    34304 Bytes  07.03.2015 15:31:49
XBV00065.VDF   : 8.11.214.146     2048 Bytes  07.03.2015 15:31:49
XBV00066.VDF   : 8.11.214.168    33792 Bytes  07.03.2015 05:16:29
XBV00067.VDF   : 8.11.214.188    71168 Bytes  08.03.2015 21:40:20
XBV00068.VDF   : 8.11.214.190     2048 Bytes  08.03.2015 21:40:20
XBV00069.VDF   : 8.11.214.192     2048 Bytes  08.03.2015 21:40:20
XBV00070.VDF   : 8.11.214.212     2048 Bytes  08.03.2015 21:40:20
XBV00071.VDF   : 8.11.214.232    28672 Bytes  08.03.2015 21:40:20
XBV00072.VDF   : 8.11.214.252    69120 Bytes  09.03.2015 13:40:55
XBV00073.VDF   : 8.11.215.14     3584 Bytes  09.03.2015 13:40:55
XBV00074.VDF   : 8.11.215.32     7168 Bytes  09.03.2015 13:40:55
XBV00075.VDF   : 8.11.215.50    12800 Bytes  09.03.2015 13:40:55
XBV00076.VDF   : 8.11.215.52     5120 Bytes  09.03.2015 13:40:55
XBV00077.VDF   : 8.11.215.70    17920 Bytes  09.03.2015 19:40:52
XBV00078.VDF   : 8.11.215.90     2048 Bytes  09.03.2015 19:40:52
XBV00079.VDF   : 8.11.215.110     2048 Bytes  09.03.2015 19:40:52
XBV00080.VDF   : 8.11.215.132    29696 Bytes  09.03.2015 18:53:59
XBV00081.VDF   : 8.11.215.134    11264 Bytes  09.03.2015 18:53:59
XBV00082.VDF   : 8.11.215.136    11264 Bytes  09.03.2015 18:53:59
XBV00083.VDF   : 8.11.215.138    12288 Bytes  10.03.2015 18:53:59
XBV00084.VDF   : 8.11.215.140    35840 Bytes  10.03.2015 18:53:59
XBV00085.VDF   : 8.11.215.158     6144 Bytes  10.03.2015 18:53:59
XBV00086.VDF   : 8.11.215.174     5632 Bytes  10.03.2015 18:53:59
XBV00087.VDF   : 8.11.215.190     8704 Bytes  10.03.2015 18:53:59
XBV00088.VDF   : 8.11.215.206    19968 Bytes  10.03.2015 18:53:59
XBV00089.VDF   : 8.11.215.222    12800 Bytes  10.03.2015 18:53:59
XBV00090.VDF   : 8.11.215.226     2048 Bytes  10.03.2015 18:53:59
XBV00091.VDF   : 8.11.215.230    14336 Bytes  10.03.2015 18:53:59
XBV00092.VDF   : 8.11.215.234    26112 Bytes  10.03.2015 00:53:08
XBV00093.VDF   : 8.11.215.236    11776 Bytes  10.03.2015 00:53:08
XBV00094.VDF   : 8.11.215.240    22016 Bytes  11.03.2015 17:23:54
XBV00095.VDF   : 8.11.215.242     2048 Bytes  11.03.2015 17:23:54
XBV00096.VDF   : 8.11.215.244     2048 Bytes  11.03.2015 17:23:54
XBV00097.VDF   : 8.11.216.4      7680 Bytes  11.03.2015 17:23:54
XBV00098.VDF   : 8.11.216.20    12800 Bytes  11.03.2015 17:23:54
XBV00099.VDF   : 8.11.216.36    19968 Bytes  11.03.2015 17:23:54
XBV00100.VDF   : 8.11.216.52     2560 Bytes  11.03.2015 17:23:54
XBV00101.VDF   : 8.11.216.54    22016 Bytes  11.03.2015 17:23:54
XBV00102.VDF   : 8.11.216.56     8192 Bytes  11.03.2015 11:48:11
XBV00103.VDF   : 8.11.216.58     4608 Bytes  11.03.2015 11:48:11
XBV00104.VDF   : 8.11.216.60    16896 Bytes  11.03.2015 11:48:11
XBV00105.VDF   : 8.11.216.76    14336 Bytes  11.03.2015 11:48:11
XBV00106.VDF   : 8.11.216.90    30208 Bytes  11.03.2015 11:48:11
XBV00107.VDF   : 8.11.216.104     5632 Bytes  12.03.2015 11:48:11
XBV00108.VDF   : 8.11.216.118     6656 Bytes  12.03.2015 11:48:11
XBV00109.VDF   : 8.11.216.120    24576 Bytes  12.03.2015 11:48:11
XBV00110.VDF   : 8.11.216.122    16896 Bytes  12.03.2015 00:37:46
XBV00111.VDF   : 8.11.216.124     2048 Bytes  12.03.2015 00:37:47
XBV00112.VDF   : 8.11.216.138    16896 Bytes  12.03.2015 00:37:47
XBV00113.VDF   : 8.11.216.140     2048 Bytes  12.03.2015 00:37:47
XBV00114.VDF   : 8.11.216.154     3584 Bytes  12.03.2015 00:37:47
XBV00115.VDF   : 8.11.216.168     2048 Bytes  12.03.2015 00:37:47
XBV00116.VDF   : 8.11.216.182    70144 Bytes  12.03.2015 00:37:48
XBV00117.VDF   : 8.11.216.196     2048 Bytes  13.03.2015 00:37:48
XBV00118.VDF   : 8.11.216.200    46080 Bytes  13.03.2015 00:37:48
XBV00119.VDF   : 8.11.216.214    11776 Bytes  13.03.2015 00:37:48
XBV00120.VDF   : 8.11.216.228     4096 Bytes  13.03.2015 00:37:48
XBV00121.VDF   : 8.11.216.242     2560 Bytes  13.03.2015 00:37:48
XBV00122.VDF   : 8.11.216.254     2560 Bytes  13.03.2015 00:37:49
XBV00123.VDF   : 8.11.217.10     7680 Bytes  13.03.2015 00:37:49
XBV00124.VDF   : 8.11.217.14     2048 Bytes  13.03.2015 00:37:49
XBV00125.VDF   : 8.11.217.16    24576 Bytes  13.03.2015 00:37:49
XBV00126.VDF   : 8.11.217.22    17408 Bytes  13.03.2015 00:37:49
XBV00127.VDF   : 8.11.217.24     2048 Bytes  13.03.2015 00:37:49
XBV00128.VDF   : 8.11.217.26     2048 Bytes  13.03.2015 00:37:50
XBV00129.VDF   : 8.11.217.28    15872 Bytes  13.03.2015 00:37:50
XBV00130.VDF   : 8.11.217.42    84480 Bytes  14.03.2015 00:37:50
XBV00131.VDF   : 8.11.217.54     2048 Bytes  14.03.2015 00:37:50
XBV00132.VDF   : 8.11.217.66     2048 Bytes  14.03.2015 00:37:50
XBV00133.VDF   : 8.11.217.78    19456 Bytes  14.03.2015 00:37:50
XBV00134.VDF   : 8.11.217.90    71680 Bytes  15.03.2015 00:37:51
XBV00135.VDF   : 8.11.217.102     2048 Bytes  15.03.2015 00:37:51
XBV00136.VDF   : 8.11.217.124     6656 Bytes  15.03.2015 00:37:51
XBV00137.VDF   : 8.11.217.136    76800 Bytes  16.03.2015 00:37:51
XBV00138.VDF   : 8.11.217.146     3584 Bytes  16.03.2015 00:37:51
XBV00139.VDF   : 8.11.217.156     3584 Bytes  16.03.2015 00:37:52
XBV00140.VDF   : 8.11.217.166     4096 Bytes  16.03.2015 00:37:52
XBV00141.VDF   : 8.11.217.176    12288 Bytes  16.03.2015 00:37:52
XBV00142.VDF   : 8.11.217.186    13312 Bytes  16.03.2015 00:37:52
XBV00143.VDF   : 8.11.217.188    24064 Bytes  16.03.2015 00:37:52
XBV00144.VDF   : 8.11.217.194     7680 Bytes  16.03.2015 00:37:52
XBV00145.VDF   : 8.11.217.198    31232 Bytes  16.03.2015 00:37:53
XBV00146.VDF   : 8.11.217.208    13824 Bytes  16.03.2015 00:37:53
XBV00147.VDF   : 8.11.217.216     7680 Bytes  16.03.2015 00:37:53
XBV00148.VDF   : 8.11.217.224     2048 Bytes  17.03.2015 00:37:53
XBV00149.VDF   : 8.11.217.232    23552 Bytes  17.03.2015 00:37:53
XBV00150.VDF   : 8.11.217.240     7168 Bytes  17.03.2015 00:37:53
XBV00151.VDF   : 8.11.217.242     9216 Bytes  17.03.2015 00:37:54
XBV00152.VDF   : 8.11.217.244    13824 Bytes  17.03.2015 00:37:54
XBV00153.VDF   : 8.11.217.252     4608 Bytes  17.03.2015 00:37:54
XBV00154.VDF   : 8.11.218.4     10240 Bytes  17.03.2015 00:37:54
XBV00155.VDF   : 8.11.218.6     12800 Bytes  17.03.2015 00:37:54
XBV00156.VDF   : 8.11.218.16    14848 Bytes  17.03.2015 00:37:54
XBV00157.VDF   : 8.11.218.20     2048 Bytes  17.03.2015 00:37:54
XBV00158.VDF   : 8.11.218.28     4096 Bytes  17.03.2015 00:37:55
XBV00159.VDF   : 8.11.218.30    25600 Bytes  17.03.2015 00:37:55
XBV00160.VDF   : 8.11.218.32     2048 Bytes  17.03.2015 00:37:55
XBV00161.VDF   : 8.11.218.34    18432 Bytes  17.03.2015 00:37:55
XBV00162.VDF   : 8.11.218.38    26112 Bytes  18.03.2015 00:37:55
XBV00163.VDF   : 8.11.218.46     4096 Bytes  18.03.2015 00:37:55
XBV00164.VDF   : 8.11.218.52     3584 Bytes  18.03.2015 00:37:55
XBV00165.VDF   : 8.11.218.66     5120 Bytes  18.03.2015 00:37:55
XBV00166.VDF   : 8.11.218.78    24576 Bytes  18.03.2015 00:37:56
XBV00167.VDF   : 8.11.218.88    15360 Bytes  18.03.2015 00:37:56
XBV00168.VDF   : 8.11.218.98    17408 Bytes  18.03.2015 00:37:56
XBV00169.VDF   : 8.11.218.100    10240 Bytes  18.03.2015 00:37:56
XBV00170.VDF   : 8.11.218.102     7680 Bytes  18.03.2015 00:37:56
XBV00171.VDF   : 8.11.218.106    39936 Bytes  19.03.2015 00:37:57
XBV00172.VDF   : 8.11.218.116    37888 Bytes  19.03.2015 00:37:57
XBV00173.VDF   : 8.11.218.126    14336 Bytes  19.03.2015 00:37:57
XBV00174.VDF   : 8.11.218.136    58880 Bytes  19.03.2015 00:37:57
XBV00175.VDF   : 8.11.218.148    79872 Bytes  19.03.2015 00:37:57
XBV00176.VDF   : 8.11.218.150    16896 Bytes  19.03.2015 00:37:58
XBV00177.VDF   : 8.11.218.152     2048 Bytes  19.03.2015 00:37:58
XBV00178.VDF   : 8.11.218.156    44032 Bytes  20.03.2015 00:37:58
XBV00179.VDF   : 8.11.218.158     2048 Bytes  20.03.2015 00:37:58
XBV00180.VDF   : 8.11.218.168    13312 Bytes  20.03.2015 00:37:58
XBV00181.VDF   : 8.11.218.176     7680 Bytes  20.03.2015 00:37:58
XBV00182.VDF   : 8.11.218.184     2048 Bytes  20.03.2015 00:37:58
XBV00183.VDF   : 8.11.218.192    11264 Bytes  20.03.2015 00:37:58
XBV00184.VDF   : 8.11.218.194    15360 Bytes  20.03.2015 00:37:58
XBV00185.VDF   : 8.11.218.198     2048 Bytes  20.03.2015 00:37:59
XBV00186.VDF   : 8.11.218.206     2048 Bytes  20.03.2015 00:37:59
XBV00187.VDF   : 8.11.218.214     2048 Bytes  20.03.2015 00:37:59
XBV00188.VDF   : 8.11.218.222    18432 Bytes  20.03.2015 00:37:59
XBV00189.VDF   : 8.11.218.224    18944 Bytes  20.03.2015 00:37:59
XBV00190.VDF   : 8.11.218.226     2048 Bytes  20.03.2015 00:37:59
XBV00191.VDF   : 8.11.218.228    28160 Bytes  20.03.2015 00:37:59
XBV00192.VDF   : 8.11.218.230     2048 Bytes  20.03.2015 00:37:59
XBV00193.VDF   : 8.11.218.232    14336 Bytes  20.03.2015 00:37:59
XBV00194.VDF   : 8.11.218.238    42496 Bytes  21.03.2015 00:37:59
XBV00195.VDF   : 8.11.218.240     2048 Bytes  21.03.2015 00:37:59
XBV00196.VDF   : 8.11.218.248    24576 Bytes  21.03.2015 00:37:59
XBV00197.VDF   : 8.11.218.250     2048 Bytes  21.03.2015 00:37:59
XBV00198.VDF   : 8.11.218.252     2048 Bytes  21.03.2015 00:37:59
XBV00199.VDF   : 8.11.219.10    33792 Bytes  21.03.2015 00:37:59
XBV00200.VDF   : 8.11.219.18    44544 Bytes  22.03.2015 12:37:04
XBV00201.VDF   : 8.11.219.26     2048 Bytes  22.03.2015 12:37:04
XBV00202.VDF   : 8.11.219.34     8192 Bytes  22.03.2015 12:37:04
XBV00203.VDF   : 8.11.219.36    18944 Bytes  22.03.2015 20:14:58
XBV00204.VDF   : 8.11.219.38    66560 Bytes  23.03.2015 21:50:09
XBV00205.VDF   : 8.11.219.46     2048 Bytes  23.03.2015 21:50:09
XBV00206.VDF   : 8.11.219.52     7168 Bytes  23.03.2015 21:50:09
XBV00207.VDF   : 8.11.219.58     7680 Bytes  23.03.2015 21:50:09
XBV00208.VDF   : 8.11.219.64     8192 Bytes  23.03.2015 21:50:09
XBV00209.VDF   : 8.11.219.66     7168 Bytes  23.03.2015 21:50:09
XBV00210.VDF   : 8.11.219.68    12800 Bytes  23.03.2015 21:50:09
XBV00211.VDF   : 8.11.219.70    25088 Bytes  23.03.2015 21:50:09
XBV00212.VDF   : 8.11.219.74     2048 Bytes  23.03.2015 21:50:09
XBV00213.VDF   : 8.11.219.76    33280 Bytes  23.03.2015 21:50:09
XBV00214.VDF   : 8.11.219.80    22016 Bytes  23.03.2015 09:35:36
XBV00215.VDF   : 8.11.219.82     8192 Bytes  23.03.2015 09:35:36
XBV00216.VDF   : 8.11.219.84    22528 Bytes  24.03.2015 09:35:36
XBV00217.VDF   : 8.11.219.90     4096 Bytes  24.03.2015 09:35:36
XBV00218.VDF   : 8.11.219.96     6656 Bytes  24.03.2015 09:35:36
XBV00219.VDF   : 8.11.219.102     5120 Bytes  24.03.2015 09:35:36
LOCAL000.VDF   : 8.11.219.102 125547520 Bytes  24.03.2015 09:35:53
Engineversion  : 8.3.30.4  
AEVDF.DLL      : 8.3.1.6       133992 Bytes  23.10.2014 13:01:55
AESCRIPT.DLL   : 8.2.2.58      560248 Bytes  22.03.2015 00:37:17
AESCN.DLL      : 8.3.2.2       139456 Bytes  23.10.2014 13:01:55
AESBX.DLL      : 8.2.20.34    1615784 Bytes  04.03.2015 17:31:17
AERDL.DLL      : 8.2.1.20      731040 Bytes  11.02.2015 18:07:54
AEPACK.DLL     : 8.4.0.62      793456 Bytes  20.02.2015 18:53:30
AEOFFICE.DLL   : 8.3.1.14      354216 Bytes  10.03.2015 18:53:19
AEMOBILE.DLL   : 8.1.7.0       281456 Bytes  10.03.2015 18:53:20
AEHEUR.DLL     : 8.1.4.1606   8256368 Bytes  22.03.2015 00:37:17
AEHELP.DLL     : 8.3.2.0       281456 Bytes  22.03.2015 00:37:15
AEGEN.DLL      : 8.1.7.40      456608 Bytes  20.12.2014 10:03:20
AEEXP.DLL      : 8.4.2.70      255904 Bytes  06.02.2015 23:32:49
AEEMU.DLL      : 8.1.3.4       399264 Bytes  23.10.2014 13:01:55
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  10.03.2015 18:53:20
AECORE.DLL     : 8.3.4.0       243624 Bytes  16.12.2014 15:10:18
AEBB.DLL       : 8.1.2.0        60448 Bytes  23.10.2014 13:01:55
AVWINLL.DLL    : 15.0.8.652     25904 Bytes  22.03.2015 00:37:15
AVPREF.DLL     : 15.0.8.652     53248 Bytes  22.03.2015 00:37:22
AVREP.DLL      : 15.0.8.652    221432 Bytes  22.03.2015 00:37:23
AVARKT.DLL     : 15.0.8.652    228088 Bytes  22.03.2015 00:37:18
AVEVTLOG.DLL   : 15.0.8.652    183600 Bytes  22.03.2015 00:37:20
SQLITE3.DLL    : 15.0.8.652    456440 Bytes  22.03.2015 00:37:46
AVSMTP.DLL     : 15.0.8.652     79360 Bytes  22.03.2015 00:37:25
NETNT.DLL      : 15.0.8.652     17352 Bytes  22.03.2015 00:37:41
RCIMAGE.DLL    : 15.0.8.652   4864816 Bytes  22.03.2015 00:37:15
RCTEXT.DLL     : 15.0.8.652     75056 Bytes  22.03.2015 00:37:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 24. März 2015  10:46

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '186' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibtrksrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'iSCTAgent.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'MaxthonUpdateSvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService9x64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'PGService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo64.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDFSSvc.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'VfConnectorService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '197' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDIntelligent.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'skydrive.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'RuntimeBroker.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTFTrack.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Energy Manager.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'utility.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'HostAppServiceUpdater.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'iSCTsysTray8.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'wwahost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'SettingSyncHost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveComm.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '27' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\WINDOWS\system32\svchost.exe'
Signiert -> 'C:\WINDOWS\system32\winlogon.exe'
Signiert -> 'C:\WINDOWS\explorer.exe'
Signiert -> 'C:\WINDOWS\system32\smss.exe'
Signiert -> 'C:\WINDOWS\system32\wininet.DLL'
Signiert -> 'C:\WINDOWS\system32\wsock32.DLL'
Signiert -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signiert -> 'C:\WINDOWS\system32\services.exe'
Signiert -> 'C:\WINDOWS\system32\lsass.exe'
Signiert -> 'C:\WINDOWS\system32\csrss.exe'
Signiert -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signiert -> 'C:\WINDOWS\system32\spoolsv.exe'
Signiert -> 'C:\WINDOWS\system32\alg.exe'
Signiert -> 'C:\WINDOWS\system32\wuauclt.exe'
Signiert -> 'C:\WINDOWS\system32\advapi32.DLL'
Signiert -> 'C:\WINDOWS\system32\user32.DLL'
Signiert -> 'C:\WINDOWS\system32\gdi32.DLL'
Signiert -> 'C:\WINDOWS\system32\kernel32.DLL'
Signiert -> 'C:\WINDOWS\system32\ntdll.DLL'
Signiert -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signiert -> 'C:\WINDOWS\system32\drivers\beep.sys'
Signiert -> 'C:\WINDOWS\system32\ctfmon.exe'
Signiert -> 'C:\WINDOWS\system32\imm32.dll'
Signiert -> 'C:\WINDOWS\system32\dsound.dll'
Signiert -> 'C:\WINDOWS\system32\aclui.dll'
Signiert -> 'C:\WINDOWS\system32\msvcrt.dll'
Signiert -> 'C:\WINDOWS\system32\d3d9.dll'
Signiert -> 'C:\WINDOWS\system32\dnsapi.dll'
Signiert -> 'C:\WINDOWS\system32\mshtml.dll'
Signiert -> 'C:\WINDOWS\system32\regsvr32.exe'
Signiert -> 'C:\WINDOWS\system32\rundll32.exe'
Signiert -> 'C:\WINDOWS\system32\userinit.exe'
Signiert -> 'C:\WINDOWS\system32\reg.exe'
Signiert -> 'C:\WINDOWS\regedit.exe'
Die Systemdateien wurden durchsucht ('34' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2482' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
C:\swapfile.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
C:\Users\Max\OSBuddy\loader.jar
    [0] Archivtyp: ZIP
    --> com/ggnoreyd.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Users\Max\OSBuddy\loader.jar
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5311030e.qua' verschoben!


Ende des Suchlaufs: Dienstag, 24. März 2015  18:35
Benötigte Zeit:  2:10:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  40608 Verzeichnisse wurden überprüft
 768497 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 768495 Dateien ohne Befall
   6156 Archive wurden durchsucht
      2 Warnungen
      1 Hinweise
   1384 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Geändert von himynameis (24.03.2015 um 18:43 Uhr)

Alt 24.03.2015, 18:46   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 24.03.2015, 19:52   #3
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Erledigt, hier sind die .txt Files.

Scanne gerade meinen Hauptrechner, wo kein Mist oben sein sollte, auch mit Avira.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Max (administrator) on DONQUIXOTE_D on 24-03-2015 18:47:55
Running from C:\Users\Max\Downloads
Loaded Profiles: Max (Available profiles: Max)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Pokki) C:\Users\Max\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> DefaultScope {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-03-19]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20]

Chrome: 
=======
CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06]
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06]
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30]
CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 18:47 - 2015-03-24 18:48 - 00020080 _____ () C:\Users\Max\Downloads\FRST.txt
2015-03-24 18:47 - 2015-03-24 18:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2015-03-24 18:47 - 2015-03-24 18:47 - 00000000 ____D () C:\FRST
2015-03-10 21:01 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 21:01 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 21:01 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 21:01 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 21:01 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 20:59 - 2015-01-30 04:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2015-03-10 20:59 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 20:59 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 20:59 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-10 20:59 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-10 20:59 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-10 20:59 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-10 19:59 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 19:59 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 19:59 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 19:59 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 19:59 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 19:59 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 19:59 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 19:59 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 19:59 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 19:59 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 19:59 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 19:59 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 19:59 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 19:59 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-10 19:59 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-10 19:59 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-10 19:59 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-10 19:59 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-10 19:59 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-10 19:59 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-10 19:59 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-10 19:58 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 19:58 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 19:58 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 19:58 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 19:58 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 19:58 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 19:58 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 19:58 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 19:58 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 19:58 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 19:58 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 19:58 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 19:58 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 19:58 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 19:58 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 19:58 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 19:58 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 19:58 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 19:58 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 19:58 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 19:58 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 19:58 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 19:58 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 19:58 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 19:58 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 19:58 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 19:58 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 19:58 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 19:58 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 19:58 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 19:58 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 19:58 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 19:58 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 19:58 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 19:58 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 19:58 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 19:58 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 19:58 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 19:58 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 19:58 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 19:58 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 19:57 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 19:57 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 19:57 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 19:57 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 18:44 - 2014-12-26 01:01 - 00000000 ____D () C:\Users\Max\OSBuddy
2015-03-24 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-24 17:55 - 2014-11-06 16:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 12:11 - 2014-07-06 22:06 - 01682780 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-24 10:36 - 2014-11-03 14:41 - 00000000 ____D () C:\Users\Max\AppData\Local\Pokki
2015-03-24 10:35 - 2014-11-06 16:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 10:35 - 2014-11-03 14:45 - 00000000 ___DO () C:\Users\Max\OneDrive
2015-03-22 21:26 - 2013-08-22 15:46 - 00049788 _____ () C:\WINDOWS\setupact.log
2015-03-22 21:15 - 2014-12-21 12:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat
2015-03-22 15:52 - 2015-02-01 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 20:21 - 2014-11-03 14:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001
2015-03-21 19:56 - 2014-11-06 16:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 02:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-19 21:39 - 2014-11-26 15:55 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-19 21:39 - 2014-07-06 23:26 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-03-12 13:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-11 12:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-11 12:18 - 2013-08-22 15:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 12:17 - 2014-03-18 10:44 - 00148610 _____ () C:\WINDOWS\PFRO.log
2015-03-11 03:34 - 2014-07-06 23:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-11 03:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-10 23:26 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-10 23:25 - 2014-11-07 23:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-10 23:19 - 2014-11-07 23:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 19:53 - 2014-11-29 18:13 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-10 19:53 - 2014-11-29 18:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 19:53 - 2014-11-29 18:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-08 19:16 - 2014-07-07 07:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-08 19:16 - 2014-07-07 07:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-08 19:16 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-05 21:41 - 2014-11-29 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 21:41 - 2014-11-29 18:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-05 21:41 - 2014-07-06 22:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-04 22:24 - 2014-11-16 11:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-11-16 11:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-28 20:36 - 2014-11-03 14:41 - 00000000 ____D () C:\Users\Max

==================== Files in the root of some directories =======

2014-07-06 22:48 - 2014-07-06 22:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Max\jagex_cl_oldschool_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE1.dat
C:\Users\Max\random.dat


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe
C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-23 23:40

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Max at 2015-03-24 18:48:43
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Energy Manager (x32 Version: 1.0.0.32 - Lenovo) Hidden
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Pokki) (Version: 0.269.7.573 - Pokki)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - Ihr Firmenname)
Lenovo Motion Control (x32 Version: 2.0.0.0807 - Ihr Firmenname) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.27.3 - ELAN Microelectronic Corp.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu (HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-03-2015 13:01:09 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-17 20:06 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42B31502-00C5-4A2B-8C54-B353B26DF556} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {43E88633-734E-4F81-9357-D2BEFD58B2FD} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-10-14] (Maxthon International ltd.)
Task: {770B8E72-3A0D-479A-A6A8-693CB96351D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {852F7A92-F9BC-4488-9039-4AA8B48BF47D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {AD33900E-885F-4EF1-AC8B-FF0B0D526E5D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {CDA298C1-DE4E-4EA9-8085-6026B37F40B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D98E9C29-B068-4C39-81DF-9D720258875A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {E1BAE734-7D03-419A-8784-A6C222B885F0} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4212791573-526093383-3597010243-1001
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-07-06 23:23 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-07-06 23:24 - 2014-07-06 23:24 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-07-06 23:24 - 2014-07-06 23:24 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-01-20 14:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-20 14:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-20 14:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-20 14:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-20 14:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-06 22:34 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-08-07 15:12 - 2013-08-07 15:12 - 02428416 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2015-03-21 19:56 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 19:56 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 19:56 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 19:56 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4212791573-526093383-3597010243-500 - Administrator - Disabled)
Gast (S-1-5-21-4212791573-526093383-3597010243-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4212791573-526093383-3597010243-1003 - Limited - Enabled)
Max (S-1-5-21-4212791573-526093383-3597010243-1001 - Administrator - Enabled) => C:\Users\Max

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (7564) Instance: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf.

Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:40 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:16:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:15:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/24/2015 00:15:40 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.


System errors:
=============
Error: (03/24/2015 11:55:50 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (03/22/2015 05:44:45 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/22/2015 05:44:45 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/22/2015 05:44:42 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/22/2015 05:44:42 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/22/2015 05:44:37 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (03/11/2015 07:34:35 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (03/11/2015 02:32:44 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (03/11/2015 03:32:53 AM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/11/2015 03:32:53 AM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost7564Instance: -1032

Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:40 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:16:00 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:15:50 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/24/2015 00:15:40 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.


CodeIntegrity Errors:
===================================
  Date: 2015-01-07 18:46:34.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-26 21:32:17.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-26 21:31:55.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-26 21:29:22.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-26 21:29:20.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 4019.27 MB
Available physical RAM: 1428.97 MB
Total Pagefile: 5908.51 MB
Available Pagefile: 2412.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:424.14 GB) (Free:388.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 539E40C5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Hier beide Files, danke für die rasche Antwort!

Tut mir Leid, dass ich einen Doppelpost mache, aber gerade ist folgendes passiert.

Ich habe auf meinem Hauptrechner wohl auch Viren, bis jetzt wurden schon 8 gefunden, was mich total schockiert!
(unter anderem ist auch der JAVA.Ternewb.Gen gefunden worden)

Es wird wohl noch eine Stunde dauern, bis der ganze PC gescannt ist, kann ich dann in diesem Topic ebenfalls Logs posten, oder soll ich einen neuen Thread aufmachen?

Tut mir Leid, falls das mit dem Laptop ein falscher Anlauf war.
__________________

Alt 25.03.2015, 12:30   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Mach für den andern Rechner bitte ein neues Thema.


Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.03.2015, 14:03   #5
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Malware Bytes sagt: Scan finished. No malware found!

Soll ich weitermachen mit TDSS Killer?


Alt 26.03.2015, 19:28   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



jup
__________________
--> Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen

Alt 27.03.2015, 18:33   #7
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Okay also TDSS hat auch nichts gefunden

Hier der Log

Code:
ATTFilter
18:12:26.0065 0x19c8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:12:26.0065 0x19c8  UEFI system
18:12:33.0004 0x19c8  ============================================================
18:12:33.0004 0x19c8  Current date / time: 2015/03/27 18:12:33.0004
18:12:33.0004 0x19c8  SystemInfo:
18:12:33.0004 0x19c8  
18:12:33.0004 0x19c8  OS Version: 6.3.9600 ServicePack: 0.0
18:12:33.0004 0x19c8  Product type: Workstation
18:12:33.0004 0x19c8  ComputerName: DONQUIXOTE_D
18:12:33.0004 0x19c8  UserName: Max
18:12:33.0004 0x19c8  Windows directory: C:\WINDOWS
18:12:33.0004 0x19c8  System windows directory: C:\WINDOWS
18:12:33.0004 0x19c8  Running under WOW64
18:12:33.0004 0x19c8  Processor architecture: Intel x64
18:12:33.0004 0x19c8  Number of processors: 4
18:12:33.0004 0x19c8  Page size: 0x1000
18:12:33.0004 0x19c8  Boot type: Normal boot
18:12:33.0004 0x19c8  ============================================================
18:12:33.0160 0x19c8  KLMD registered as C:\WINDOWS\system32\drivers\78600274.sys
18:12:33.0754 0x19c8  System UUID: {D45413D8-F926-007F-D338-F812C77F57FB}
18:12:34.0989 0x19c8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:12:35.0004 0x19c8  ============================================================
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0:
18:12:35.0004 0x19c8  GPT partitions:
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CB0D42D6-F61D-4703-8693-02B7785B6254}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0BE8BD54-2EC5-4A07-8E36-61FA08BC3161}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {652066B3-BFE1-4BDC-8276-7DFC95BB5CA4}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {00D5DD85-C6FC-4C57-81FC-D72729E267B1}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96764A33-FF7B-4D48-B5CF-39072EC9B9AE}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x35046000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8DCA223E-DCCC-415A-99EA-4A7F29CC98D7}, Name: Basic data partition, StartLBA 0x354F0800, BlocksNum 0x3200000
18:12:35.0004 0x19c8  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {378341F9-F0A4-4B5F-9E86-9F52DC261B8E}, Name: Basic data partition, StartLBA 0x386F0800, BlocksNum 0x1C95800
18:12:35.0004 0x19c8  MBR partitions:
18:12:35.0004 0x19c8  ============================================================
18:12:35.0004 0x19c8  C: <-> \Device\Harddisk0\DR0\Partition5
18:12:35.0051 0x19c8  D: <-> \Device\Harddisk0\DR0\Partition6
18:12:35.0051 0x19c8  ============================================================
18:12:35.0051 0x19c8  Initialize success
18:12:35.0051 0x19c8  ============================================================
18:13:09.0846 0x19a0  ============================================================
18:13:09.0846 0x19a0  Scan started
18:13:09.0846 0x19a0  Mode: Manual; SigCheck; TDLFS; 
18:13:09.0846 0x19a0  ============================================================
18:13:09.0846 0x19a0  KSN ping started
18:13:12.0230 0x19a0  KSN ping finished: true
18:13:12.0875 0x19a0  ================ Scan system memory ========================
18:13:12.0875 0x19a0  System memory - ok
18:13:12.0875 0x19a0  ================ Scan services =============================
18:13:12.0976 0x19a0  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
18:13:13.0085 0x19a0  1394ohci - ok
18:13:13.0116 0x19a0  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
18:13:13.0139 0x19a0  3ware - ok
18:13:13.0188 0x19a0  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
18:13:13.0223 0x19a0  ACPI - ok
18:13:13.0237 0x19a0  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
18:13:13.0256 0x19a0  acpiex - ok
18:13:13.0262 0x19a0  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
18:13:13.0295 0x19a0  acpipagr - ok
18:13:13.0299 0x19a0  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
18:13:13.0341 0x19a0  AcpiPmi - ok
18:13:13.0346 0x19a0  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
18:13:13.0379 0x19a0  acpitime - ok
18:13:13.0413 0x19a0  [ AF7A18603B0B82DFA5B420456FAF2201, 64AD831433778BB0B0B1615EEA7682960ED5815A091A9EFEE95A862EFBDE6D69 ] ACPIVPC         C:\WINDOWS\System32\drivers\AcpiVpc.sys
18:13:13.0420 0x19a0  ACPIVPC - ok
18:13:13.0444 0x19a0  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\WINDOWS\system32\DRIVERS\acsock64.sys
18:13:13.0444 0x19a0  acsock - ok
18:13:13.0491 0x19a0  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
18:13:13.0522 0x19a0  ADP80XX - ok
18:13:13.0554 0x19a0  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
18:13:13.0601 0x19a0  AeLookupSvc - ok
18:13:13.0663 0x19a0  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
18:13:13.0710 0x19a0  AFD - ok
18:13:13.0710 0x19a0  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
18:13:13.0726 0x19a0  agp440 - ok
18:13:13.0757 0x19a0  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
18:13:13.0854 0x19a0  ahcache - ok
18:13:13.0868 0x19a0  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe
18:13:13.0946 0x19a0  ALG - ok
18:13:13.0963 0x19a0  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
18:13:14.0012 0x19a0  AmdK8 - ok
18:13:14.0051 0x19a0  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
18:13:14.0103 0x19a0  AmdPPM - ok
18:13:14.0114 0x19a0  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
18:13:14.0126 0x19a0  amdsata - ok
18:13:14.0136 0x19a0  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
18:13:14.0154 0x19a0  amdsbs - ok
18:13:14.0160 0x19a0  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
18:13:14.0170 0x19a0  amdxata - ok
18:13:14.0274 0x19a0  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:13:14.0306 0x19a0  AntiVirSchedulerService - ok
18:13:14.0321 0x19a0  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:13:14.0337 0x19a0  AntiVirService - ok
18:13:14.0337 0x19a0  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
18:13:14.0384 0x19a0  AppID - ok
18:13:14.0384 0x19a0  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
18:13:14.0399 0x19a0  AppIDSvc - ok
18:13:14.0399 0x19a0  [ 7667B9D81EA8FD6540E6CF72F92161A6, 98F3D0E376F715EBE083FE112CAA640BCE0F13DCE0F244D059D7FA019EA3D24C ] Appinfo         C:\WINDOWS\System32\appinfo.dll
18:13:14.0446 0x19a0  Appinfo - ok
18:13:14.0462 0x19a0  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
18:13:14.0524 0x19a0  AppReadiness - ok
18:13:14.0556 0x19a0  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
18:13:14.0634 0x19a0  AppXSvc - ok
18:13:14.0649 0x19a0  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
18:13:14.0649 0x19a0  arcsas - ok
18:13:14.0665 0x19a0  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
18:13:14.0681 0x19a0  atapi - ok
18:13:14.0681 0x19a0  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:13:14.0712 0x19a0  AudioEndpointBuilder - ok
18:13:14.0759 0x19a0  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:13:14.0846 0x19a0  Audiosrv - ok
18:13:14.0857 0x19a0  [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:13:14.0873 0x19a0  avgntflt - ok
18:13:14.0883 0x19a0  [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:13:14.0897 0x19a0  avipbb - ok
18:13:14.0943 0x19a0  [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
18:13:14.0959 0x19a0  Avira.OE.ServiceHost - ok
18:13:14.0965 0x19a0  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:13:14.0977 0x19a0  avkmgr - ok
18:13:14.0998 0x19a0  [ 943B743BEA5AE4EEA43250FFCC99C522, 387966A350796EFB6682A975D66F057B622296F6ADF4AFCEECD9F775BA97BFE6 ] AX88772         C:\WINDOWS\system32\DRIVERS\ax88772.sys
18:13:15.0043 0x19a0  AX88772 - ok
18:13:15.0052 0x19a0  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:13:15.0071 0x19a0  AxInstSV - ok
18:13:15.0114 0x19a0  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:13:15.0141 0x19a0  b06bdrv - ok
18:13:15.0161 0x19a0  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:13:15.0179 0x19a0  BasicDisplay - ok
18:13:15.0195 0x19a0  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:13:15.0210 0x19a0  BasicRender - ok
18:13:15.0210 0x19a0  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
18:13:15.0210 0x19a0  bcmfn2 - ok
18:13:15.0242 0x19a0  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:13:15.0273 0x19a0  BDESVC - ok
18:13:15.0304 0x19a0  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:13:15.0382 0x19a0  Beep - ok
18:13:15.0445 0x19a0  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\WINDOWS\System32\bfe.dll
18:13:15.0492 0x19a0  BFE - ok
18:13:15.0570 0x19a0  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll
18:13:15.0688 0x19a0  BITS - ok
18:13:15.0755 0x19a0  [ 4D87518BA68C308299441337C55F5427, AE46F847EE605213A3AE9BEFE5EB0B7B8D877340EA1A6CF9EF5683A02ECFE399 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:13:15.0793 0x19a0  Bluetooth Device Monitor - ok
18:13:15.0830 0x19a0  [ 19786E2114E2FCB4EAA30808E9D4FB9A, FCBD15EA7CB0B22DA9ABFACF95DE877042201C85EBC219F5204E12F76E8DBC09 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:13:15.0868 0x19a0  Bluetooth OBEX Service - ok
18:13:15.0884 0x19a0  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:13:15.0929 0x19a0  bowser - ok
18:13:15.0939 0x19a0  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:13:15.0968 0x19a0  BrokerInfrastructure - ok
18:13:15.0976 0x19a0  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\WINDOWS\System32\browser.dll
18:13:15.0998 0x19a0  Browser - ok
18:13:15.0998 0x19a0  [ F4CB6F457D019857C8DB6F04CA2957F5, D9E7DD49AF9C38D1696045F6004E1B504A65227B41256961E28A8DCA9B068EA9 ] BthA2DP         C:\WINDOWS\system32\drivers\BthA2DP.sys
18:13:16.0029 0x19a0  BthA2DP - ok
18:13:16.0045 0x19a0  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:13:16.0060 0x19a0  BthAvrcpTg - ok
18:13:16.0107 0x19a0  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
18:13:16.0107 0x19a0  BthEnum - ok
18:13:16.0123 0x19a0  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:13:16.0154 0x19a0  BthHFEnum - ok
18:13:16.0170 0x19a0  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:13:16.0170 0x19a0  bthhfhid - ok
18:13:16.0217 0x19a0  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
18:13:16.0232 0x19a0  BthLEEnum - ok
18:13:16.0248 0x19a0  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:13:16.0263 0x19a0  BTHMODEM - ok
18:13:16.0279 0x19a0  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
18:13:16.0295 0x19a0  BthPan - ok
18:13:16.0357 0x19a0  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
18:13:16.0482 0x19a0  BTHPORT - ok
18:13:16.0482 0x19a0  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:13:16.0513 0x19a0  bthserv - ok
18:13:16.0529 0x19a0  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
18:13:16.0545 0x19a0  BTHUSB - ok
18:13:16.0576 0x19a0  [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux          C:\WINDOWS\system32\DRIVERS\btmaux.sys
18:13:16.0576 0x19a0  btmaux - ok
18:13:16.0638 0x19a0  [ 7B31A8A9DC95B3634D896FD0F2814F19, 8FD5FBC61968F4BB8C2BAD0D432D5B86DCFED38CCF6F559F9EFB71AADD25474F ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
18:13:16.0662 0x19a0  btmhsf - ok
18:13:16.0724 0x19a0  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:13:16.0771 0x19a0  cdfs - ok
18:13:16.0787 0x19a0  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:13:16.0834 0x19a0  cdrom - ok
18:13:16.0865 0x19a0  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:13:16.0927 0x19a0  CertPropSvc - ok
18:13:16.0943 0x19a0  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:13:16.0974 0x19a0  circlass - ok
18:13:17.0021 0x19a0  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:13:17.0037 0x19a0  CLFS - ok
18:13:17.0052 0x19a0  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:13:17.0084 0x19a0  CmBatt - ok
18:13:17.0146 0x19a0  [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:13:17.0177 0x19a0  CNG - ok
18:13:17.0193 0x19a0  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:13:17.0209 0x19a0  CompositeBus - ok
18:13:17.0224 0x19a0  COMSysApp - ok
18:13:17.0224 0x19a0  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:13:17.0240 0x19a0  condrv - ok
18:13:17.0318 0x19a0  [ D5F868A46AED8E7CAD6C30E0599DD100, F016C3BAC207B5A513CB28E78F93D1347398B9BEEF8D1A32339D034AFB74CF6C ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:13:17.0318 0x19a0  cphs - ok
18:13:17.0334 0x19a0  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:13:17.0365 0x19a0  CryptSvc - ok
18:13:17.0396 0x19a0  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:13:17.0412 0x19a0  dam - ok
18:13:17.0443 0x19a0  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:13:17.0474 0x19a0  DcomLaunch - ok
18:13:17.0490 0x19a0  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:13:17.0521 0x19a0  defragsvc - ok
18:13:17.0537 0x19a0  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:13:17.0599 0x19a0  DeviceAssociationService - ok
18:13:17.0599 0x19a0  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:13:17.0631 0x19a0  DeviceInstall - ok
18:13:17.0662 0x19a0  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:13:17.0693 0x19a0  Dfsc - ok
18:13:17.0693 0x19a0  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
18:13:17.0709 0x19a0  dg_ssudbus - ok
18:13:17.0754 0x19a0  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:13:17.0784 0x19a0  Dhcp - ok
18:13:17.0796 0x19a0  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:13:17.0814 0x19a0  disk - ok
18:13:17.0821 0x19a0  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:13:17.0851 0x19a0  dmvsc - ok
18:13:17.0864 0x19a0  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:13:17.0891 0x19a0  Dnscache - ok
18:13:17.0903 0x19a0  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:13:17.0945 0x19a0  dot3svc - ok
18:13:17.0956 0x19a0  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll
18:13:18.0001 0x19a0  DPS - ok
18:13:18.0010 0x19a0  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:13:18.0026 0x19a0  drmkaud - ok
18:13:18.0038 0x19a0  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:13:18.0064 0x19a0  DsmSvc - ok
18:13:18.0147 0x19a0  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:13:18.0212 0x19a0  DXGKrnl - ok
18:13:18.0231 0x19a0  [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress      C:\WINDOWS\system32\DRIVERS\e1i63x64.sys
18:13:18.0262 0x19a0  e1iexpress - ok
18:13:18.0278 0x19a0  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:13:18.0293 0x19a0  Eaphost - ok
18:13:18.0403 0x19a0  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:13:18.0543 0x19a0  ebdrv - ok
18:13:18.0564 0x19a0  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe
18:13:18.0581 0x19a0  EFS - ok
18:13:18.0602 0x19a0  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:13:18.0621 0x19a0  EhStorClass - ok
18:13:18.0645 0x19a0  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:13:18.0661 0x19a0  EhStorTcgDrv - ok
18:13:18.0670 0x19a0  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:13:18.0710 0x19a0  ErrDev - ok
18:13:18.0753 0x19a0  [ CF5C9ED2A345E74A3C4443DD380C2050, 476763604414D79D69B7A6C7F373FBF9990B3F94C77DBA45AFA073A4E2EA473C ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
18:13:18.0772 0x19a0  ETD - ok
18:13:18.0798 0x19a0  [ 20B6699ECD1FE57520960B4F393CA8AF, 1B68D5E0E796B65F1A8A780587173A062772BF79E6893A26EB196F4F1284E8C2 ] ETDService      C:\Program Files\Elantech\ETDService.exe
18:13:18.0828 0x19a0  ETDService - ok
18:13:18.0851 0x19a0  [ FA35D018A340369D9D48E5B07D0D42B2, 5B8428434D0B19042D71C26621AE0E5459C3A6AFEAF88667D550D8C3E5D10ABE ] ETDSMBus        C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys
18:13:18.0863 0x19a0  ETDSMBus - ok
18:13:18.0887 0x19a0  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll
18:13:18.0942 0x19a0  EventSystem - ok
18:13:19.0013 0x19a0  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:13:19.0039 0x19a0  EvtEng - ok
18:13:19.0052 0x19a0  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:13:19.0101 0x19a0  exfat - ok
18:13:19.0101 0x19a0  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:13:19.0116 0x19a0  fastfat - ok
18:13:19.0132 0x19a0  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:13:19.0179 0x19a0  Fax - ok
18:13:19.0210 0x19a0  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:13:19.0226 0x19a0  fdc - ok
18:13:19.0245 0x19a0  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:13:19.0274 0x19a0  fdPHost - ok
18:13:19.0279 0x19a0  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:13:19.0303 0x19a0  FDResPub - ok
18:13:19.0315 0x19a0  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:13:19.0343 0x19a0  fhsvc - ok
18:13:19.0372 0x19a0  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:13:19.0387 0x19a0  FileInfo - ok
18:13:19.0395 0x19a0  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:13:19.0444 0x19a0  Filetrace - ok
18:13:19.0450 0x19a0  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:13:19.0468 0x19a0  flpydisk - ok
18:13:19.0504 0x19a0  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:13:19.0527 0x19a0  FltMgr - ok
18:13:19.0590 0x19a0  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:13:19.0630 0x19a0  FontCache - ok
18:13:19.0661 0x19a0  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:13:19.0677 0x19a0  FontCache3.0.0.0 - ok
18:13:19.0677 0x19a0  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:13:19.0692 0x19a0  FsDepends - ok
18:13:19.0708 0x19a0  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:13:19.0724 0x19a0  Fs_Rec - ok
18:13:19.0739 0x19a0  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:13:19.0755 0x19a0  fvevol - ok
18:13:19.0771 0x19a0  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:13:19.0802 0x19a0  FxPPM - ok
18:13:19.0817 0x19a0  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:13:19.0833 0x19a0  gagp30kx - ok
18:13:19.0833 0x19a0  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:13:19.0849 0x19a0  gencounter - ok
18:13:19.0864 0x19a0  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:13:19.0880 0x19a0  GPIOClx0101 - ok
18:13:19.0927 0x19a0  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:13:19.0974 0x19a0  gpsvc - ok
18:13:20.0026 0x19a0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:13:20.0037 0x19a0  gupdate - ok
18:13:20.0045 0x19a0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:13:20.0059 0x19a0  gupdatem - ok
18:13:20.0085 0x19a0  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
18:13:20.0114 0x19a0  HdAudAddService - ok
18:13:20.0145 0x19a0  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:13:20.0164 0x19a0  HDAudBus - ok
18:13:20.0178 0x19a0  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:13:20.0195 0x19a0  HidBatt - ok
18:13:20.0204 0x19a0  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:13:20.0231 0x19a0  HidBth - ok
18:13:20.0260 0x19a0  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:13:20.0274 0x19a0  hidi2c - ok
18:13:20.0279 0x19a0  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:13:20.0297 0x19a0  HidIr - ok
18:13:20.0313 0x19a0  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:13:20.0360 0x19a0  hidserv - ok
18:13:20.0375 0x19a0  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:13:20.0406 0x19a0  HidUsb - ok
18:13:20.0406 0x19a0  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:13:20.0422 0x19a0  hkmsvc - ok
18:13:20.0438 0x19a0  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:13:20.0453 0x19a0  HomeGroupListener - ok
18:13:20.0485 0x19a0  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:13:20.0516 0x19a0  HomeGroupProvider - ok
18:13:20.0531 0x19a0  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:13:20.0547 0x19a0  HpSAMD - ok
18:13:20.0578 0x19a0  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:13:20.0625 0x19a0  HTTP - ok
18:13:20.0641 0x19a0  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:13:20.0661 0x19a0  hwpolicy - ok
18:13:20.0671 0x19a0  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:13:20.0713 0x19a0  hyperkbd - ok
18:13:20.0718 0x19a0  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:13:20.0738 0x19a0  HyperVideo - ok
18:13:20.0748 0x19a0  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:13:20.0778 0x19a0  i8042prt - ok
18:13:20.0784 0x19a0  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:13:20.0797 0x19a0  iaLPSSi_GPIO - ok
18:13:20.0804 0x19a0  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:13:20.0818 0x19a0  iaLPSSi_I2C - ok
18:13:20.0865 0x19a0  [ 60F6526DB3297C7324957EF3143F88FF, F0D4AF7E66CD42793C5137B4F5E66AFCE13253C3FF8D397921EA23CD04D49763 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:13:20.0896 0x19a0  iaStorA - ok
18:13:20.0928 0x19a0  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:13:20.0943 0x19a0  iaStorAV - ok
18:13:20.0990 0x19a0  [ 9D7AFC77C928460336642D6EFDB5BDEA, 9CF555B94A21D7A518B9228B6BE86679200FEC4219156D7D2183CDC906BA4548 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:13:20.0990 0x19a0  IAStorDataMgrSvc - ok
18:13:21.0021 0x19a0  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:13:21.0037 0x19a0  iaStorV - ok
18:13:21.0053 0x19a0  [ CAAC69A001E1A5878D2F050F57F93DA4, 0A4263501F2C1C9E4B3764A2EF27607DF07810A10A2F23F3E389EA3E1E1ACA8A ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
18:13:21.0068 0x19a0  ibtusb - ok
18:13:21.0068 0x19a0  IEEtwCollectorService - ok
18:13:21.0209 0x19a0  [ 4F6363C26B4A3DDBC9FAFCBA68602B01, 0920551F9312D967AAA68003BD8C4A312AA8F1E8B826DDE8BF59B9B639AB5F3B ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:13:21.0442 0x19a0  igfx - ok
18:13:21.0479 0x19a0  [ E71AC94964ED675B3ED0727059B7F97B, 5468B5E9B75B10EA0BFBD81827FFC9CABFC69A4065CC5A5792DBC289D4DA27EE ] ikbevent        C:\WINDOWS\system32\DRIVERS\ikbevent.sys
18:13:21.0490 0x19a0  ikbevent - ok
18:13:21.0526 0x19a0  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:13:21.0584 0x19a0  IKEEXT - ok
18:13:21.0590 0x19a0  [ 2FDB67F5B9F4E96B40FDC9D1AA0B686F, B556328D54F886792A89588F3FEFE38F7129E3D7A417CDC012778FA4EF37A8C1 ] imsevent        C:\WINDOWS\system32\DRIVERS\imsevent.sys
18:13:21.0598 0x19a0  imsevent - ok
18:13:21.0604 0x19a0  [ 3F2BB021CB280880F8C1B7A6FEF9B447, CEC0BF9D6C9CF6E6A9F9B4E656BD47208AC977EDDC11C1C3BCD07EB50BABC017 ] INETMON         C:\WINDOWS\System32\Drivers\INETMON.sys
18:13:21.0614 0x19a0  INETMON - ok
18:13:21.0618 0x19a0  [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:13:21.0628 0x19a0  intaud_WaveExtensible - ok
18:13:21.0762 0x19a0  [ E39307AB89491751020D5FBD9E080926, A78A0ECF3DA005A76B0895FA0EEE3EC66AA9518307E1FFC59162D2E5308189E2 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:13:21.0918 0x19a0  IntcAzAudAddService - ok
18:13:21.0949 0x19a0  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:13:21.0965 0x19a0  IntcDAud - ok
18:13:22.0012 0x19a0  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:13:22.0058 0x19a0  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
18:13:25.0220 0x19a0  Detect skipped due to KSN trusted
18:13:25.0220 0x19a0  Intel(R) Capability Licensing Service Interface - ok
18:13:25.0267 0x19a0  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:13:25.0298 0x19a0  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:13:25.0314 0x19a0  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:13:25.0330 0x19a0  Intel(R) ME Service - ok
18:13:25.0345 0x19a0  [ 441D5FAF24CC2EC115B654A55C52F0AF, 5BF5299DAD9A7076C43D68C70E02AEC8DBFD89C1AFDF7CD6AB95550EE25EEB36 ] Intel(R) Wireless Bluetooth(R) 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
18:13:25.0345 0x19a0  Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - ok
18:13:25.0377 0x19a0  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:13:25.0377 0x19a0  intelide - ok
18:13:25.0408 0x19a0  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:13:25.0422 0x19a0  intelpep - ok
18:13:25.0444 0x19a0  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:13:25.0486 0x19a0  intelppm - ok
18:13:25.0494 0x19a0  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:13:25.0523 0x19a0  IpFilterDriver - ok
18:13:25.0580 0x19a0  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:13:25.0613 0x19a0  iphlpsvc - ok
18:13:25.0646 0x19a0  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:13:25.0668 0x19a0  IPMIDRV - ok
18:13:25.0675 0x19a0  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:13:25.0680 0x19a0  IPNAT - ok
18:13:25.0696 0x19a0  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:13:25.0712 0x19a0  IRENUM - ok
18:13:25.0727 0x19a0  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:13:25.0727 0x19a0  isapnp - ok
18:13:25.0743 0x19a0  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:13:25.0774 0x19a0  iScsiPrt - ok
18:13:25.0805 0x19a0  [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT            C:\WINDOWS\System32\drivers\ISCTD64.sys
18:13:25.0837 0x19a0  ISCT - ok
18:13:25.0884 0x19a0  [ 2A676B190889ACEDF3AA8D64C269F8AF, 7830536B86BC4233AD4EDD30B6CDEFDCA3969BD53B970BAA6ADCE9C3B88B8593 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
18:13:25.0899 0x19a0  ISCTAgent - ok
18:13:25.0899 0x19a0  [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
18:13:25.0915 0x19a0  iwdbus - ok
18:13:25.0930 0x19a0  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:13:25.0946 0x19a0  jhi_service - ok
18:13:25.0946 0x19a0  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:13:25.0962 0x19a0  kbdclass - ok
18:13:25.0962 0x19a0  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:13:25.0977 0x19a0  kbdhid - ok
18:13:25.0977 0x19a0  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:13:26.0009 0x19a0  kdnic - ok
18:13:26.0024 0x19a0  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:13:26.0040 0x19a0  KeyIso - ok
18:13:26.0040 0x19a0  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:13:26.0055 0x19a0  KSecDD - ok
18:13:26.0071 0x19a0  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:13:26.0118 0x19a0  KSecPkg - ok
18:13:26.0118 0x19a0  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:13:26.0150 0x19a0  ksthunk - ok
18:13:26.0185 0x19a0  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:13:26.0237 0x19a0  KtmRm - ok
18:13:26.0271 0x19a0  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:13:26.0307 0x19a0  LanmanServer - ok
18:13:26.0339 0x19a0  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:13:26.0385 0x19a0  LanmanWorkstation - ok
18:13:26.0412 0x19a0  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:13:26.0464 0x19a0  lfsvc - ok
18:13:26.0468 0x19a0  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:13:26.0496 0x19a0  lltdio - ok
18:13:26.0512 0x19a0  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:13:26.0548 0x19a0  lltdsvc - ok
18:13:26.0564 0x19a0  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:13:26.0611 0x19a0  lmhosts - ok
18:13:26.0673 0x19a0  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:13:26.0705 0x19a0  LMS - ok
18:13:26.0720 0x19a0  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:13:26.0720 0x19a0  LSI_SAS - ok
18:13:26.0736 0x19a0  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:13:26.0752 0x19a0  LSI_SAS2 - ok
18:13:26.0767 0x19a0  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:13:26.0767 0x19a0  LSI_SAS3 - ok
18:13:26.0783 0x19a0  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:13:26.0783 0x19a0  LSI_SSS - ok
18:13:26.0845 0x19a0  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll
18:13:26.0892 0x19a0  LSM - ok
18:13:26.0923 0x19a0  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:13:26.0939 0x19a0  luafv - ok
18:13:27.0096 0x19a0  [ AE5983648FC4C35EE202724B21F60201, 31912873FBD0F81FCDBBEC1C5ADA28D8F84CD3FB9BA2EF6348400B6DD185B676 ] MaxthonUpdateSvc C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
18:13:27.0143 0x19a0  MaxthonUpdateSvc - ok
18:13:27.0159 0x19a0  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:13:27.0174 0x19a0  mbamchameleon - ok
18:13:27.0174 0x19a0  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:13:27.0190 0x19a0  megasas - ok
18:13:27.0221 0x19a0  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:13:27.0237 0x19a0  megasr - ok
18:13:27.0253 0x19a0  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
18:13:27.0268 0x19a0  MEIx64 - ok
18:13:27.0268 0x19a0  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:13:27.0315 0x19a0  MMCSS - ok
18:13:27.0315 0x19a0  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:13:27.0393 0x19a0  Modem - ok
18:13:27.0393 0x19a0  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:13:27.0440 0x19a0  monitor - ok
18:13:27.0471 0x19a0  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:13:27.0487 0x19a0  mouclass - ok
18:13:27.0503 0x19a0  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:13:27.0518 0x19a0  mouhid - ok
18:13:27.0534 0x19a0  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:13:27.0549 0x19a0  mountmgr - ok
18:13:27.0581 0x19a0  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:13:27.0581 0x19a0  MozillaMaintenance - ok
18:13:27.0596 0x19a0  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:13:27.0612 0x19a0  mpsdrv - ok
18:13:27.0643 0x19a0  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:13:27.0674 0x19a0  MpsSvc - ok
18:13:27.0737 0x19a0  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:13:27.0768 0x19a0  MRxDAV - ok
18:13:27.0815 0x19a0  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:13:27.0893 0x19a0  mrxsmb - ok
18:13:27.0924 0x19a0  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:13:27.0974 0x19a0  mrxsmb10 - ok
18:13:28.0005 0x19a0  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:13:28.0036 0x19a0  mrxsmb20 - ok
18:13:28.0052 0x19a0  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:13:28.0099 0x19a0  MsBridge - ok
18:13:28.0114 0x19a0  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:13:28.0161 0x19a0  MSDTC - ok
18:13:28.0161 0x19a0  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:13:28.0177 0x19a0  Msfs - ok
18:13:28.0208 0x19a0  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:13:28.0224 0x19a0  msgpiowin32 - ok
18:13:28.0224 0x19a0  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:13:28.0239 0x19a0  mshidkmdf - ok
18:13:28.0255 0x19a0  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:13:28.0270 0x19a0  mshidumdf - ok
18:13:28.0287 0x19a0  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:13:28.0303 0x19a0  msisadrv - ok
18:13:28.0319 0x19a0  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:13:28.0350 0x19a0  MSiSCSI - ok
18:13:28.0350 0x19a0  msiserver - ok
18:13:28.0381 0x19a0  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:13:28.0397 0x19a0  MSKSSRV - ok
18:13:28.0397 0x19a0  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:13:28.0444 0x19a0  MsLldp - ok
18:13:28.0475 0x19a0  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:13:28.0490 0x19a0  MSPCLOCK - ok
18:13:28.0490 0x19a0  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:13:28.0506 0x19a0  MSPQM - ok
18:13:28.0522 0x19a0  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:13:28.0537 0x19a0  MsRPC - ok
18:13:28.0553 0x19a0  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:13:28.0569 0x19a0  mssmbios - ok
18:13:28.0584 0x19a0  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:13:28.0584 0x19a0  MSTEE - ok
18:13:28.0600 0x19a0  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:13:28.0631 0x19a0  MTConfig - ok
18:13:28.0631 0x19a0  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:13:28.0647 0x19a0  Mup - ok
18:13:28.0662 0x19a0  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:13:28.0662 0x19a0  mvumis - ok
18:13:28.0694 0x19a0  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:13:28.0709 0x19a0  MyWiFiDHCPDNS - ok
18:13:28.0740 0x19a0  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:13:28.0803 0x19a0  napagent - ok
18:13:28.0897 0x19a0  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:13:28.0944 0x19a0  NativeWifiP - ok
18:13:28.0959 0x19a0  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:13:28.0975 0x19a0  NcaSvc - ok
18:13:28.0990 0x19a0  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:13:29.0006 0x19a0  NcbService - ok
18:13:29.0006 0x19a0  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:13:29.0053 0x19a0  NcdAutoSetup - ok
18:13:29.0147 0x19a0  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:13:29.0178 0x19a0  NDIS - ok
18:13:29.0194 0x19a0  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:13:29.0209 0x19a0  NdisCap - ok
18:13:29.0209 0x19a0  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:13:29.0240 0x19a0  NdisImPlatform - ok
18:13:29.0272 0x19a0  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:13:29.0287 0x19a0  NdisTapi - ok
18:13:29.0287 0x19a0  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:13:29.0303 0x19a0  Ndisuio - ok
18:13:29.0303 0x19a0  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:13:29.0350 0x19a0  NdisVirtualBus - ok
18:13:29.0350 0x19a0  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:13:29.0381 0x19a0  NdisWan - ok
18:13:29.0381 0x19a0  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:13:29.0397 0x19a0  NdisWanLegacy - ok
18:13:29.0397 0x19a0  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:13:29.0428 0x19a0  NDProxy - ok
18:13:29.0428 0x19a0  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:13:29.0459 0x19a0  Ndu - ok
18:13:29.0459 0x19a0  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:13:29.0490 0x19a0  NetBIOS - ok
18:13:29.0506 0x19a0  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:13:29.0537 0x19a0  NetBT - ok
18:13:29.0569 0x19a0  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:13:29.0569 0x19a0  Netlogon - ok
18:13:29.0584 0x19a0  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
18:13:29.0631 0x19a0  Netman - ok
18:13:29.0647 0x19a0  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:13:29.0678 0x19a0  netprofm - ok
18:13:29.0725 0x19a0  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:13:29.0740 0x19a0  NetTcpPortSharing - ok
18:13:29.0756 0x19a0  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
18:13:29.0772 0x19a0  netvsc - ok
18:13:29.0881 0x19a0  [ F891EBF94DF71072CAC432F170192FD4, 167B117323542AECBF393C13AE4447FCB36E5D19D72DB59895C71844566A9DAA ] NETwNb64        C:\WINDOWS\system32\DRIVERS\Netwbw02.sys
18:13:30.0022 0x19a0  NETwNb64 - ok
18:13:30.0162 0x19a0  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew02.sys
18:13:30.0287 0x19a0  NETwNe64 - ok
18:13:30.0334 0x19a0  [ 02E736F9861F1A6134736CF7473C513F, 7C574A50980885B213EFC0C394AFE613879B669246A4EA5EA6B5F791F7F6F32E ] NitroDriverReadSpool9 C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
18:13:30.0365 0x19a0  NitroDriverReadSpool9 - ok
18:13:30.0381 0x19a0  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:13:30.0412 0x19a0  NlaSvc - ok
18:13:30.0459 0x19a0  [ CD2C0C25ECFCF816306126D3C208614B, C0C8B59BDDB349A593DFF5107841EB76618631C867D7C8F234C9ECBD76713CB0 ] nlsX86cc        C:\WINDOWS\SysWOW64\NLSSRV32.EXE
18:13:30.0459 0x19a0  nlsX86cc - ok
18:13:30.0475 0x19a0  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:13:30.0490 0x19a0  Npfs - ok
18:13:30.0490 0x19a0  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:13:30.0506 0x19a0  npsvctrig - ok
18:13:30.0522 0x19a0  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:13:30.0553 0x19a0  nsi - ok
18:13:30.0584 0x19a0  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:13:30.0615 0x19a0  nsiproxy - ok
18:13:30.0678 0x19a0  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:13:30.0740 0x19a0  Ntfs - ok
18:13:30.0787 0x19a0  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:13:30.0850 0x19a0  Null - ok
18:13:30.0850 0x19a0  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:13:30.0881 0x19a0  nvraid - ok
18:13:30.0881 0x19a0  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:13:30.0897 0x19a0  nvstor - ok
18:13:30.0912 0x19a0  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:13:30.0928 0x19a0  nv_agp - ok
18:13:30.0959 0x19a0  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:13:31.0006 0x19a0  p2pimsvc - ok
18:13:31.0037 0x19a0  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:13:31.0100 0x19a0  p2psvc - ok
18:13:31.0131 0x19a0  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:13:31.0178 0x19a0  Parport - ok
18:13:31.0194 0x19a0  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:13:31.0209 0x19a0  partmgr - ok
18:13:31.0225 0x19a0  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:13:31.0272 0x19a0  PcaSvc - ok
18:13:31.0334 0x19a0  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:13:31.0350 0x19a0  pci - ok
18:13:31.0365 0x19a0  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:13:31.0381 0x19a0  pciide - ok
18:13:31.0381 0x19a0  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:13:31.0397 0x19a0  pcmcia - ok
18:13:31.0397 0x19a0  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:13:31.0412 0x19a0  pcw - ok
18:13:31.0428 0x19a0  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:13:31.0444 0x19a0  pdc - ok
18:13:31.0459 0x19a0  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:13:31.0522 0x19a0  PEAUTH - ok
18:13:31.0537 0x19a0  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:13:31.0553 0x19a0  PerfHost - ok
18:13:31.0600 0x19a0  [ 64351455DF585673FECA37136BC8CBAC, 41376D69CD5F241F27E4F1B2FF06056DB5551C62393DD5FC357B38CC61677EFE ] PGService       C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
18:13:31.0631 0x19a0  PGService - ok
18:13:31.0647 0x19a0  [ 29D2ADBA0F22B82D7B1C502A26558C7B, C0280D99614DE2490413ED6DB06CFBD0480766D0F7173DEEBCA6AE8D2CB111F7 ] PG_Service_Launcher C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
18:13:31.0662 0x19a0  PG_Service_Launcher - ok
18:13:31.0709 0x19a0  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll
18:13:31.0772 0x19a0  pla - ok
18:13:31.0787 0x19a0  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:13:31.0803 0x19a0  PlugPlay - ok
18:13:31.0803 0x19a0  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:13:31.0819 0x19a0  PNRPAutoReg - ok
18:13:31.0834 0x19a0  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:13:31.0850 0x19a0  PNRPsvc - ok
18:13:31.0881 0x19a0  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:13:32.0006 0x19a0  PolicyAgent - ok
18:13:32.0022 0x19a0  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
18:13:32.0053 0x19a0  Power - ok
18:13:32.0162 0x19a0  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:13:32.0319 0x19a0  PrintNotify - ok
18:13:32.0412 0x19a0  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:13:32.0428 0x19a0  Processor - ok
18:13:32.0444 0x19a0  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:13:32.0459 0x19a0  ProfSvc - ok
18:13:32.0459 0x19a0  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:13:32.0490 0x19a0  Psched - ok
18:13:32.0506 0x19a0  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:13:32.0537 0x19a0  QWAVE - ok
18:13:32.0537 0x19a0  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:13:32.0569 0x19a0  QWAVEdrv - ok
18:13:32.0600 0x19a0  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:13:32.0615 0x19a0  RasAcd - ok
18:13:32.0631 0x19a0  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:13:32.0662 0x19a0  RasAuto - ok
18:13:32.0678 0x19a0  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:13:32.0694 0x19a0  RasMan - ok
18:13:32.0709 0x19a0  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:13:32.0725 0x19a0  RasPppoe - ok
18:13:32.0756 0x19a0  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:13:32.0787 0x19a0  rdbss - ok
18:13:32.0803 0x19a0  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:13:32.0834 0x19a0  rdpbus - ok
18:13:32.0850 0x19a0  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:13:32.0897 0x19a0  RDPDR - ok
18:13:32.0928 0x19a0  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:13:32.0959 0x19a0  RdpVideoMiniport - ok
18:13:32.0975 0x19a0  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:13:32.0990 0x19a0  rdyboost - ok
18:13:33.0069 0x19a0  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
18:13:33.0100 0x19a0  ReFS - ok
18:13:33.0178 0x19a0  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:13:33.0209 0x19a0  RegSrvc - ok
18:13:33.0256 0x19a0  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:13:33.0287 0x19a0  RemoteAccess - ok
18:13:33.0381 0x19a0  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:13:33.0412 0x19a0  RemoteRegistry - ok
18:13:33.0444 0x19a0  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
18:13:33.0459 0x19a0  RFCOMM - ok
18:13:33.0553 0x19a0  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
18:13:33.0584 0x19a0  RichVideo64 - ok
18:13:33.0600 0x19a0  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:13:33.0616 0x19a0  RpcEptMapper - ok
18:13:33.0647 0x19a0  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:13:33.0662 0x19a0  RpcLocator - ok
18:13:33.0678 0x19a0  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:13:33.0709 0x19a0  RpcSs - ok
18:13:33.0756 0x19a0  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:13:33.0787 0x19a0  rspndr - ok
18:13:34.0381 0x19a0  [ D72F22971F0F492BE045EBAB0C79177D, 984B161880226440B5BF09478C783543C242CA995E56074229385E88FF87399A ] rtsuvc          C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
18:13:34.0709 0x19a0  rtsuvc - ok
18:13:34.0740 0x19a0  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:13:34.0772 0x19a0  s3cap - ok
18:13:34.0803 0x19a0  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:13:34.0819 0x19a0  SamSs - ok
18:13:34.0850 0x19a0  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:13:34.0865 0x19a0  sbp2port - ok
18:13:34.0881 0x19a0  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:13:34.0897 0x19a0  SCardSvr - ok
18:13:34.0912 0x19a0  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
18:13:34.0944 0x19a0  ScDeviceEnum - ok
18:13:34.0975 0x19a0  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:13:34.0990 0x19a0  scfilter - ok
18:13:35.0037 0x19a0  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:13:35.0084 0x19a0  Schedule - ok
18:13:35.0100 0x19a0  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:13:35.0115 0x19a0  SCPolicySvc - ok
18:13:35.0178 0x19a0  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:13:35.0225 0x19a0  sdbus - ok
18:13:35.0490 0x19a0  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
18:13:35.0600 0x19a0  SDScannerService - ok
18:13:35.0647 0x19a0  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:13:35.0647 0x19a0  sdstor - ok
18:13:35.0725 0x19a0  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:13:35.0787 0x19a0  SDUpdateService - ok
18:13:35.0803 0x19a0  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:13:35.0819 0x19a0  SDWSCService - ok
18:13:35.0834 0x19a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:13:35.0850 0x19a0  secdrv - ok
18:13:35.0865 0x19a0  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:13:35.0881 0x19a0  seclogon - ok
18:13:35.0897 0x19a0  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
18:13:35.0928 0x19a0  SENS - ok
18:13:35.0928 0x19a0  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsSimulatorDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:13:35.0959 0x19a0  SensorsSimulatorDriver - ok
18:13:35.0975 0x19a0  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:13:35.0990 0x19a0  SensrSvc - ok
18:13:36.0006 0x19a0  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:13:36.0022 0x19a0  SerCx - ok
18:13:36.0022 0x19a0  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
18:13:36.0037 0x19a0  SerCx2 - ok
18:13:36.0037 0x19a0  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:13:36.0069 0x19a0  Serenum - ok
18:13:36.0100 0x19a0  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:13:36.0115 0x19a0  Serial - ok
18:13:36.0115 0x19a0  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:13:36.0131 0x19a0  sermouse - ok
18:13:36.0162 0x19a0  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:13:36.0209 0x19a0  SessionEnv - ok
18:13:36.0209 0x19a0  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:13:36.0225 0x19a0  sfloppy - ok
18:13:36.0240 0x19a0  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:13:36.0272 0x19a0  SharedAccess - ok
18:13:36.0337 0x19a0  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:13:36.0369 0x19a0  ShellHWDetection - ok
18:13:36.0384 0x19a0  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:13:36.0384 0x19a0  SiSRaid2 - ok
18:13:36.0400 0x19a0  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:13:36.0400 0x19a0  SiSRaid4 - ok
18:13:36.0431 0x19a0  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:13:36.0447 0x19a0  SkypeUpdate - ok
18:13:36.0462 0x19a0  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
18:13:36.0509 0x19a0  smphost - ok
18:13:36.0541 0x19a0  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:13:36.0556 0x19a0  SNMPTRAP - ok
18:13:36.0587 0x19a0  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:13:36.0619 0x19a0  spaceport - ok
18:13:36.0619 0x19a0  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:13:36.0634 0x19a0  SpbCx - ok
18:13:36.0728 0x19a0  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:13:36.0775 0x19a0  Spooler - ok
18:13:37.0228 0x19a0  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:13:37.0494 0x19a0  sppsvc - ok
18:13:37.0541 0x19a0  [ EAD5300C93946B0250A309E2BF2BE4CF, 6B9131D94ED31F838B1820EE67F068C4741B69D5C655587C89C9477986BD270F ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:13:37.0556 0x19a0  SQLWriter - ok
18:13:37.0603 0x19a0  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:13:37.0650 0x19a0  srv - ok
18:13:37.0697 0x19a0  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:13:37.0759 0x19a0  srv2 - ok
18:13:37.0791 0x19a0  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:13:37.0822 0x19a0  srvnet - ok
18:13:37.0822 0x19a0  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:13:37.0869 0x19a0  SSDPSRV - ok
18:13:37.0916 0x19a0  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:13:37.0978 0x19a0  SstpSvc - ok
18:13:37.0994 0x19a0  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
18:13:38.0025 0x19a0  ssudmdm - ok
18:13:38.0056 0x19a0  [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:13:38.0072 0x19a0  Steam Client Service - ok
18:13:38.0087 0x19a0  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:13:38.0103 0x19a0  stexstor - ok
18:13:38.0134 0x19a0  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:13:38.0181 0x19a0  stisvc - ok
18:13:38.0212 0x19a0  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:13:38.0228 0x19a0  storahci - ok
18:13:38.0259 0x19a0  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
18:13:38.0275 0x19a0  storflt - ok
18:13:38.0275 0x19a0  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
18:13:38.0291 0x19a0  stornvme - ok
18:13:38.0291 0x19a0  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:13:38.0322 0x19a0  StorSvc - ok
18:13:38.0322 0x19a0  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:13:38.0337 0x19a0  storvsc - ok
18:13:38.0337 0x19a0  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:13:38.0369 0x19a0  svsvc - ok
18:13:38.0400 0x19a0  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:13:38.0416 0x19a0  swenum - ok
18:13:38.0556 0x19a0  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\WINDOWS\System32\swprv.dll
18:13:38.0603 0x19a0  swprv - ok
18:13:38.0650 0x19a0  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:13:38.0728 0x19a0  SysMain - ok
18:13:38.0728 0x19a0  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:13:38.0759 0x19a0  SystemEventsBroker - ok
18:13:38.0775 0x19a0  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:13:38.0791 0x19a0  TabletInputService - ok
18:13:38.0822 0x19a0  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:13:38.0853 0x19a0  TapiSrv - ok
18:13:38.0947 0x19a0  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:13:39.0041 0x19a0  Tcpip - ok
18:13:39.0134 0x19a0  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:13:39.0212 0x19a0  TCPIP6 - ok
18:13:39.0228 0x19a0  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:13:39.0244 0x19a0  tcpipreg - ok
18:13:39.0259 0x19a0  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:13:39.0291 0x19a0  tdx - ok
18:13:39.0291 0x19a0  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:13:39.0306 0x19a0  terminpt - ok
18:13:39.0353 0x19a0  [ 2C77831737491F4D684D315B95C62883, 90A2574A281F19646CFCDA5FDF40063220058290D2D5523AD91B7E709EC36D3D ] TermService     C:\WINDOWS\System32\termsrv.dll
18:13:39.0416 0x19a0  TermService - ok
18:13:39.0431 0x19a0  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll
18:13:39.0447 0x19a0  Themes - ok
18:13:39.0447 0x19a0  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:13:39.0462 0x19a0  THREADORDER - ok
18:13:39.0478 0x19a0  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:13:39.0509 0x19a0  TimeBroker - ok
18:13:39.0509 0x19a0  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:13:39.0525 0x19a0  TPM - ok
18:13:39.0541 0x19a0  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:13:39.0572 0x19a0  TrkWks - ok
18:13:39.0603 0x19a0  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:13:39.0634 0x19a0  TrustedInstaller - ok
18:13:39.0634 0x19a0  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:13:39.0650 0x19a0  TsUsbFlt - ok
18:13:39.0666 0x19a0  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:13:39.0681 0x19a0  TsUsbGD - ok
18:13:39.0681 0x19a0  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:13:39.0713 0x19a0  tunnel - ok
18:13:39.0728 0x19a0  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:13:39.0744 0x19a0  uagp35 - ok
18:13:39.0775 0x19a0  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:13:39.0775 0x19a0  UASPStor - ok
18:13:39.0806 0x19a0  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:13:39.0822 0x19a0  UCX01000 - ok
18:13:39.0838 0x19a0  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:13:39.0869 0x19a0  udfs - ok
18:13:39.0885 0x19a0  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
18:13:39.0885 0x19a0  UEFI - ok
18:13:39.0900 0x19a0  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:13:39.0931 0x19a0  UI0Detect - ok
18:13:39.0931 0x19a0  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:13:39.0947 0x19a0  uliagpkx - ok
18:13:39.0947 0x19a0  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:13:39.0963 0x19a0  umbus - ok
18:13:39.0963 0x19a0  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:13:39.0978 0x19a0  UmPass - ok
18:13:39.0994 0x19a0  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:13:40.0025 0x19a0  UmRdpService - ok
18:13:40.0025 0x19a0  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:13:40.0056 0x19a0  upnphost - ok
18:13:40.0103 0x19a0  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:13:40.0119 0x19a0  usbccgp - ok
18:13:40.0135 0x19a0  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:13:40.0150 0x19a0  usbcir - ok
18:13:40.0166 0x19a0  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:13:40.0181 0x19a0  usbehci - ok
18:13:40.0244 0x19a0  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:13:40.0275 0x19a0  usbhub - ok
18:13:40.0306 0x19a0  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:13:40.0338 0x19a0  USBHUB3 - ok
18:13:40.0338 0x19a0  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:13:40.0447 0x19a0  usbohci - ok
18:13:40.0447 0x19a0  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:13:40.0478 0x19a0  usbprint - ok
18:13:40.0510 0x19a0  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:13:40.0525 0x19a0  USBSTOR - ok
18:13:40.0541 0x19a0  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:13:40.0572 0x19a0  usbuhci - ok
18:13:40.0603 0x19a0  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:13:40.0650 0x19a0  usbvideo - ok
18:13:40.0666 0x19a0  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:13:40.0681 0x19a0  USBXHCI - ok
18:13:40.0713 0x19a0  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:13:40.0744 0x19a0  VaultSvc - ok
18:13:40.0744 0x19a0  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:13:40.0760 0x19a0  vdrvroot - ok
18:13:40.0791 0x19a0  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
18:13:40.0838 0x19a0  vds - ok
18:13:40.0853 0x19a0  [ F7579733F4E8FF9B534C3F7D38F25C2C, 449FED49F2178D2A8000549B180606D050751762F53E600C13CFBEC91601DE87 ] VeriFaceSrv     C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
18:13:40.0853 0x19a0  VeriFaceSrv - ok
18:13:40.0869 0x19a0  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:13:40.0885 0x19a0  VerifierExt - ok
18:13:40.0901 0x19a0  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:13:40.0933 0x19a0  vhdmp - ok
18:13:40.0948 0x19a0  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:13:40.0964 0x19a0  viaide - ok
18:13:40.0980 0x19a0  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:13:40.0980 0x19a0  vmbus - ok
18:13:40.0995 0x19a0  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:13:41.0026 0x19a0  VMBusHID - ok
18:13:41.0120 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:13:41.0151 0x19a0  vmicguestinterface - ok
18:13:41.0167 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:13:41.0183 0x19a0  vmicheartbeat - ok
18:13:41.0198 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:13:41.0229 0x19a0  vmickvpexchange - ok
18:13:41.0245 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:13:41.0261 0x19a0  vmicrdv - ok
18:13:41.0276 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:13:41.0292 0x19a0  vmicshutdown - ok
18:13:41.0308 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:13:41.0323 0x19a0  vmictimesync - ok
18:13:41.0339 0x19a0  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:13:41.0370 0x19a0  vmicvss - ok
18:13:41.0370 0x19a0  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:13:41.0386 0x19a0  volmgr - ok
18:13:41.0401 0x19a0  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:13:41.0417 0x19a0  volmgrx - ok
18:13:41.0433 0x19a0  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:13:41.0448 0x19a0  volsnap - ok
18:13:41.0448 0x19a0  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:13:41.0464 0x19a0  vpci - ok
18:13:41.0511 0x19a0  [ 78836108CF5AC6A0B365AC50A72F16D6, 53130B29A84E1CB5E96B81137DF7CFA69BF2A3C7E884ED45069BA9F5438776C1 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
18:13:41.0526 0x19a0  vpnagent - ok
18:13:41.0542 0x19a0  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys
18:13:41.0542 0x19a0  vpnva - ok
18:13:41.0558 0x19a0  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:13:41.0573 0x19a0  vsmraid - ok
18:13:41.0620 0x19a0  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
18:13:41.0667 0x19a0  VSS - ok
18:13:41.0683 0x19a0  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:13:41.0698 0x19a0  VSTXRAID - ok
18:13:41.0698 0x19a0  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:13:41.0729 0x19a0  vwifibus - ok
18:13:41.0745 0x19a0  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:13:41.0823 0x19a0  vwififlt - ok
18:13:41.0839 0x19a0  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:13:41.0870 0x19a0  vwifimp - ok
18:13:41.0886 0x19a0  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
18:13:41.0901 0x19a0  W32Time - ok
18:13:41.0917 0x19a0  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:13:41.0933 0x19a0  WacomPen - ok
18:13:42.0026 0x19a0  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:13:42.0073 0x19a0  wbengine - ok
18:13:42.0104 0x19a0  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:13:42.0136 0x19a0  WbioSrvc - ok
18:13:42.0151 0x19a0  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:13:42.0183 0x19a0  Wcmsvc - ok
18:13:42.0198 0x19a0  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:13:42.0214 0x19a0  wcncsvc - ok
18:13:42.0245 0x19a0  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:13:42.0261 0x19a0  WcsPlugInService - ok
18:13:42.0276 0x19a0  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:13:42.0292 0x19a0  WdBoot - ok
18:13:42.0308 0x19a0  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:13:42.0339 0x19a0  Wdf01000 - ok
18:13:42.0354 0x19a0  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:13:42.0370 0x19a0  WdFilter - ok
18:13:42.0370 0x19a0  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:13:42.0386 0x19a0  WdiServiceHost - ok
18:13:42.0386 0x19a0  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:13:42.0417 0x19a0  WdiSystemHost - ok
18:13:42.0433 0x19a0  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:13:42.0448 0x19a0  WdNisDrv - ok
18:13:42.0448 0x19a0  WdNisSvc - ok
18:13:42.0495 0x19a0  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:13:42.0511 0x19a0  WebClient - ok
18:13:42.0511 0x19a0  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:13:42.0558 0x19a0  Wecsvc - ok
18:13:42.0573 0x19a0  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:13:42.0620 0x19a0  WEPHOSTSVC - ok
18:13:42.0636 0x19a0  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:13:42.0667 0x19a0  wercplsupport - ok
18:13:42.0667 0x19a0  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:13:42.0683 0x19a0  WerSvc - ok
18:13:42.0714 0x19a0  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:13:42.0729 0x19a0  WFPLWFS - ok
18:13:42.0729 0x19a0  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:13:42.0745 0x19a0  WiaRpc - ok
18:13:42.0761 0x19a0  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:13:42.0761 0x19a0  WIMMount - ok
18:13:42.0761 0x19a0  WinDefend - ok
18:13:42.0808 0x19a0  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:13:42.0870 0x19a0  WinHttpAutoProxySvc - ok
18:13:42.0901 0x19a0  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:13:42.0964 0x19a0  Winmgmt - ok
18:13:43.0026 0x19a0  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:13:43.0105 0x19a0  WinRM - ok
18:13:43.0151 0x19a0  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
18:13:43.0183 0x19a0  WinUsb - ok
18:13:43.0261 0x19a0  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:13:43.0308 0x19a0  WlanSvc - ok
18:13:43.0370 0x19a0  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:13:43.0448 0x19a0  wlidsvc - ok
18:13:43.0464 0x19a0  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:13:43.0480 0x19a0  WmiAcpi - ok
18:13:43.0495 0x19a0  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:13:43.0526 0x19a0  wmiApSrv - ok
18:13:43.0526 0x19a0  WMPNetworkSvc - ok
18:13:43.0542 0x19a0  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:13:43.0558 0x19a0  Wof - ok
18:13:43.0620 0x19a0  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:13:43.0683 0x19a0  workfolderssvc - ok
18:13:43.0714 0x19a0  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:13:43.0730 0x19a0  wpcfltr - ok
18:13:43.0745 0x19a0  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:13:43.0761 0x19a0  WPCSvc - ok
18:13:43.0777 0x19a0  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:13:43.0808 0x19a0  WPDBusEnum - ok
18:13:43.0823 0x19a0  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:13:43.0839 0x19a0  WpdUpFltr - ok
18:13:43.0855 0x19a0  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:13:43.0870 0x19a0  ws2ifsl - ok
18:13:43.0886 0x19a0  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:13:43.0917 0x19a0  wscsvc - ok
18:13:43.0917 0x19a0  WSearch - ok
18:13:44.0042 0x19a0  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
18:13:44.0154 0x19a0  WSService - ok
18:13:44.0185 0x19a0  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
18:13:44.0201 0x19a0  wsvd - ok
18:13:44.0326 0x19a0  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:13:44.0436 0x19a0  wuauserv - ok
18:13:44.0467 0x19a0  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:13:44.0482 0x19a0  WudfPf - ok
18:13:44.0498 0x19a0  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:13:44.0514 0x19a0  WUDFRd - ok
18:13:44.0514 0x19a0  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:13:44.0564 0x19a0  wudfsvc - ok
18:13:44.0572 0x19a0  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:13:44.0575 0x19a0  WUDFWpdFs - ok
18:13:44.0590 0x19a0  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:13:44.0606 0x19a0  WUDFWpdMtp - ok
18:13:44.0622 0x19a0  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:13:44.0653 0x19a0  WwanSvc - ok
18:13:44.0840 0x19a0  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:13:44.0965 0x19a0  ZeroConfigService - ok
18:13:44.0981 0x19a0  ================ Scan global ===============================
18:13:44.0997 0x19a0  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
18:13:44.0997 0x19a0  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
18:13:45.0012 0x19a0  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
18:13:45.0044 0x19a0  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
18:13:45.0044 0x19a0  [ Global ] - ok
18:13:45.0044 0x19a0  ================ Scan MBR ==================================
18:13:45.0059 0x19a0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:13:45.0122 0x19a0  \Device\Harddisk0\DR0 - ok
18:13:45.0122 0x19a0  ================ Scan VBR ==================================
18:13:45.0122 0x19a0  [ 2A2E6EBE3F9D94DAEE9A65B2B5066D19 ] \Device\Harddisk0\DR0\Partition1
18:13:45.0137 0x19a0  \Device\Harddisk0\DR0\Partition1 - ok
18:13:45.0169 0x19a0  [ 9FA178A97DCE7362011A7FFF6FDA3AFD ] \Device\Harddisk0\DR0\Partition2
18:13:45.0169 0x19a0  \Device\Harddisk0\DR0\Partition2 - ok
18:13:45.0184 0x19a0  [ FD2F571144C3D4DF98714F9C57DDB9DF ] \Device\Harddisk0\DR0\Partition3
18:13:45.0200 0x19a0  \Device\Harddisk0\DR0\Partition3 - ok
18:13:45.0200 0x19a0  [ 62B154E5B170E88FCB9B2F428F43AC8A ] \Device\Harddisk0\DR0\Partition4
18:13:45.0215 0x19a0  \Device\Harddisk0\DR0\Partition4 - ok
18:13:45.0215 0x19a0  [ 0271E309660CBA6A6B6CC844062F0A9C ] \Device\Harddisk0\DR0\Partition5
18:13:45.0231 0x19a0  \Device\Harddisk0\DR0\Partition5 - ok
18:13:45.0264 0x19a0  [ 5B843986F75659B0EDA0708021E73503 ] \Device\Harddisk0\DR0\Partition6
18:13:45.0280 0x19a0  \Device\Harddisk0\DR0\Partition6 - ok
18:13:45.0296 0x19a0  [ 409A0834B03645D13AC19AC71E662A6C ] \Device\Harddisk0\DR0\Partition7
18:13:45.0311 0x19a0  \Device\Harddisk0\DR0\Partition7 - ok
18:13:45.0311 0x19a0  ================ Scan generic autorun ======================
18:13:45.0358 0x19a0  [ 2FA26C993349B4D2016CBE21A49E5432, 9AD05224E1E2306271D1E2D74B63253F3807D4C60F8B94B661527B311D7E892A ] C:\WINDOWS\system32\igfxtray.exe
18:13:45.0374 0x19a0  IgfxTray - ok
18:13:45.0389 0x19a0  [ A608F8BDF259CB3C323247CC1A533A10, 82126BA52DBF2C97884BAFD5E5A74ABDCA3E092DACB8A4CADFF2851520727E5B ] C:\WINDOWS\system32\hkcmd.exe
18:13:45.0405 0x19a0  HotKeysCmds - ok
18:13:45.0436 0x19a0  [ 47189B3FB35A23FD5A491A79EDBEDA0D, 04986B81A450F65E16A974AA7F2987273887A0F9FFEE2D904D0FC64E8D3CDE22 ] C:\WINDOWS\system32\igfxpers.exe
18:13:45.0467 0x19a0  Persistence - ok
18:13:45.0467 0x19a0  BTMTrayAgent - ok
18:13:45.0827 0x19a0  [ 66EB84DA5F31FDA757336444B8D1E3B2, FECAB747B321AD6ED2336C1FB2E756C39883275ED54A559CF7B6989DEA4DD7EB ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:13:46.0217 0x19a0  RtHDVCpl - ok
18:13:46.0264 0x19a0  [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
18:13:46.0311 0x19a0  RtHDVBg_Dolby - ok
18:13:46.0311 0x19a0  ETDCtrl - ok
18:13:46.0514 0x19a0  [ F7924502BDFBBD3AD2FAF913F159F0A2, 59217F1B6A3E7FB7BB4C806DB762282533C73A16845A3578DC93BCFA33867B5F ] C:\WINDOWS\RTFTrack.exe
18:13:46.0733 0x19a0  RtsFT - ok
18:13:47.0204 0x19a0  [ 64CA43FF218C71AB6EB709AD0341AF2B, 45C4FCCD9F5B12A54A6186F4C94CC55A80745B09A34D398C35FD48C9BF21E6A8 ] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
18:13:47.0676 0x19a0  Energy Manager - ok
18:13:47.0692 0x19a0  [ F0627CE818DA58BAE771DCD4669FA343, 070CE17C9DAC01CC5AE465DFA3FDD8A44ABF97AC8101ED238C96668027B6F10B ] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
18:13:47.0707 0x19a0  Lenovo Utility - ok
18:13:47.0723 0x19a0  [ 5603A481CDEFF6733EA1759384117A61, 79189E198675D4B3B2E91C737AB596264FE15C16A54512D1117C70729CE88546 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
18:13:47.0754 0x19a0  Cisco AnyConnect Secure Mobility Agent for Windows - ok
18:13:47.0801 0x19a0  [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
18:13:47.0832 0x19a0  avgnt - ok
18:13:47.0848 0x19a0  [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:13:47.0864 0x19a0  SunJavaUpdateSched - ok
18:13:48.0082 0x19a0  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
18:13:48.0192 0x19a0  SDTray - ok
18:13:48.0223 0x19a0  [ 8CB85437667AEDBD8497D2CA85F4A17A, 196F1F3208674944C554624E5DA6A614F8070467E32F0C1BAB9AC409783E5804 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
18:13:48.0223 0x19a0  Avira Systray - ok
18:13:48.0598 0x19a0  [ C3335307591FA55D8C5C2CBEEEAAC6D4, B48C4EAF558D6AFBAB78169C0C0559EE119CE89509D25214550434895F1EB202 ] C:\Users\Max\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
18:13:48.0895 0x19a0  Pokki - ok
18:13:48.0911 0x19a0  Waiting for KSN requests completion. In queue: 22
18:13:49.0926 0x19a0  Waiting for KSN requests completion. In queue: 22
18:13:50.0935 0x19a0  Waiting for KSN requests completion. In queue: 22
18:13:51.0962 0x19a0  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated )
18:13:51.0978 0x19a0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
18:13:52.0009 0x19a0  Win FW state via NFP2: enabled
18:13:54.0384 0x19a0  ============================================================
18:13:54.0384 0x19a0  Scan finished
18:13:54.0384 0x19a0  ============================================================
18:13:54.0400 0x1100  Detected object count: 0
18:13:54.0400 0x1100  Actual detected object count: 0
         

Alt 28.03.2015, 03:30   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.03.2015, 01:03   #9
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Sooo, vielen Dank für die ganze Hilfe.

Adware Cleaner hat etwas gefunden.

Hier die ganzen Logs:

MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.03.2015
Suchlauf-Zeit: 15:00:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.30.05
Rootkit Datenbank: v2015.03.26.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Max

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 367145
Verstrichene Zeit: 14 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
ADW
Code:
ATTFilter
# AdwCleaner v4.200 - Bericht erstellt 31/03/2015 um 01:14:50
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Max - DONQUIXOTE_D
# Gestarted von : C:\Users\Max\Downloads\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 de)


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [1146 Bytes] - [30/11/2014 19:41:21]
AdwCleaner[R1].txt - [1169 Bytes] - [30/03/2015 18:55:10]
AdwCleaner[S0].txt - [1041 Bytes] - [31/03/2015 01:14:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1100  Bytes] ##########
         

JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 8.1 x64
Ran by Max on 31.03.2015 at  1:42:00,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2015 at  1:45:41,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Und zuletzt die frische FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Max (administrator) on DONQUIXOTE_D on 31-03-2015 01:54:47
Running from C:\Users\Max\Downloads
Loaded Profiles: Max (Available profiles: Max)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Thisisu) C:\Users\Max\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-03-20]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20]

Chrome: 
=======
CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06]
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06]
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30]
CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 01:45 - 2015-03-31 01:45 - 00000612 _____ () C:\Users\Max\Desktop\JRT.txt
2015-03-31 01:39 - 2015-03-31 01:40 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT (1).exe
2015-03-31 01:39 - 2015-03-31 01:39 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2015-03-30 15:54 - 2015-03-30 15:54 - 02208768 _____ () C:\Users\Max\Downloads\AdwCleaner_4.200.exe
2015-03-30 15:47 - 2015-03-30 15:47 - 00001192 _____ () C:\Users\Max\Desktop\mbam.txt
2015-03-30 14:59 - 2015-03-30 14:59 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-30 14:59 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-30 14:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-30 14:58 - 2015-03-30 14:58 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-27 20:12 - 2015-03-27 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-27 19:12 - 2015-03-27 19:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Max\Downloads\tdsskiller.exe
2015-03-26 14:01 - 2015-03-31 01:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 14:01 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 14:01 - 2015-03-26 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 13:50 - 2015-03-26 19:05 - 00000000 ____D () C:\Users\Max\Desktop\mbar
2015-03-26 13:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-26 13:49 - 2015-03-26 13:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Max\Downloads\mbar-1.09.1.1004.exe
2015-03-24 19:48 - 2015-03-24 19:49 - 00029464 _____ () C:\Users\Max\Downloads\Addition.txt
2015-03-24 19:47 - 2015-03-31 01:54 - 00020049 _____ () C:\Users\Max\Downloads\FRST.txt
2015-03-24 19:47 - 2015-03-31 01:54 - 00000000 ____D () C:\FRST
2015-03-24 19:47 - 2015-03-24 19:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2015-03-10 22:01 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 22:01 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 22:01 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 22:01 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 22:01 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 21:59 - 2015-01-30 05:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2015-03-10 21:59 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 21:59 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 21:59 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-10 21:59 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-10 21:59 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-10 21:59 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-10 20:59 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 20:59 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 20:59 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 20:59 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 20:59 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 20:59 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 20:59 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 20:59 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 20:59 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 20:59 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 20:59 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 20:59 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 20:59 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 20:59 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-10 20:59 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-10 20:59 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-10 20:59 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-10 20:59 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-10 20:59 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-10 20:59 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-10 20:59 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-10 20:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 20:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 20:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 20:58 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 20:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 20:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 20:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 20:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 20:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 20:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 20:58 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 20:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 20:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 20:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 20:58 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 20:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 20:58 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 20:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 20:58 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 20:58 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 20:58 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 20:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 20:58 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 20:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 20:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 20:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 20:58 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 20:58 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 20:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 20:58 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 20:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 20:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 20:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 20:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 20:58 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 20:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 20:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 20:58 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 20:58 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 20:58 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 20:58 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 20:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 20:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 20:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 20:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 01:55 - 2014-11-06 17:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 01:30 - 2014-11-03 15:45 - 00000000 ___DO () C:\Users\Max\OneDrive
2015-03-31 01:24 - 2014-07-07 08:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-31 01:24 - 2014-07-07 08:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-31 01:24 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-31 01:17 - 2014-11-26 16:55 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-31 01:17 - 2014-11-06 17:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 01:17 - 2013-08-22 16:46 - 00050302 _____ () C:\WINDOWS\setupact.log
2015-03-31 01:16 - 2014-11-07 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 01:16 - 2014-03-18 11:44 - 00149270 _____ () C:\WINDOWS\PFRO.log
2015-03-31 01:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-31 01:15 - 2014-07-07 00:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-31 01:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-31 01:14 - 2014-11-30 19:41 - 00000000 ____D () C:\AdwCleaner
2015-03-31 01:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-30 15:25 - 2014-11-03 15:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001
2015-03-30 15:21 - 2014-07-06 23:06 - 01967234 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-30 14:58 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Max\AppData\Local\Pokki
2015-03-24 19:44 - 2014-12-26 02:01 - 00000000 ____D () C:\Users\Max\OSBuddy
2015-03-22 22:15 - 2014-12-21 13:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat
2015-03-21 20:56 - 2014-11-06 17:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 03:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-19 22:39 - 2014-07-07 00:26 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-03-12 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-11 13:18 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 00:26 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 00:25 - 2014-11-08 00:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 00:19 - 2014-11-08 00:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 20:53 - 2014-11-29 19:13 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-10 20:53 - 2014-11-29 19:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 20:53 - 2014-11-29 19:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-05 22:41 - 2014-07-06 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-04 23:24 - 2014-11-16 12:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2014-11-16 12:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Max\jagex_cl_oldschool_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE1.dat
C:\Users\Max\random.dat


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe
C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe
C:\Users\Max\AppData\Local\Temp\Quarantine.exe
C:\Users\Max\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-24 00:40

==================== End Of Log ============================
         
--- --- ---

Alt 31.03.2015, 16:44   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.04.2015, 10:41   #11
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Okay, also hier mal der ESET Log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8701c13797279144a9301e4a478d5fc9
# engine=23196
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-02 02:20:50
# local_time=2015-04-02 04:20:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1900018 23225172 0 0
# scanned=241808
# found=0
# cleaned=0
# scan_time=5356
         
Chechup.txt
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.99  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	16.0.0.235 Flash Player out of Date!  
 Mozilla Firefox (36.0.4) 
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

und das frische FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Max (administrator) on DONQUIXOTE_D on 02-04-2015 11:37:03
Running from C:\Users\Max\Downloads
Loaded Profiles: Max &  (Available profiles: Max)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\Max\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20]

Chrome: 
=======
CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06]
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06]
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30]
CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06]
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 11:34 - 2015-04-02 11:34 - 00852607 _____ () C:\Users\Max\Downloads\SecurityCheck.exe
2015-04-02 02:46 - 2015-04-02 02:46 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe
2015-03-31 01:45 - 2015-03-31 01:45 - 00000612 _____ () C:\Users\Max\Desktop\JRT.txt
2015-03-31 01:39 - 2015-03-31 01:40 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT (1).exe
2015-03-31 01:39 - 2015-03-31 01:39 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe
2015-03-30 15:54 - 2015-03-30 15:54 - 02208768 _____ () C:\Users\Max\Downloads\AdwCleaner_4.200.exe
2015-03-30 15:47 - 2015-03-30 15:47 - 00001192 _____ () C:\Users\Max\Desktop\mbam.txt
2015-03-30 14:59 - 2015-03-30 14:59 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-30 14:59 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-30 14:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-30 14:58 - 2015-03-30 14:58 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-27 20:12 - 2015-03-27 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-27 19:12 - 2015-03-27 19:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Max\Downloads\tdsskiller.exe
2015-03-26 14:01 - 2015-04-02 07:46 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 14:01 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 14:01 - 2015-03-26 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 13:50 - 2015-03-26 19:05 - 00000000 ____D () C:\Users\Max\Desktop\mbar
2015-03-26 13:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-26 13:49 - 2015-03-26 13:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Max\Downloads\mbar-1.09.1.1004.exe
2015-03-24 19:48 - 2015-03-24 19:49 - 00029464 _____ () C:\Users\Max\Downloads\Addition.txt
2015-03-24 19:47 - 2015-04-02 11:37 - 00025329 _____ () C:\Users\Max\Downloads\FRST.txt
2015-03-24 19:47 - 2015-04-02 11:37 - 00000000 ____D () C:\FRST
2015-03-24 19:47 - 2015-03-24 19:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2015-03-10 22:01 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 22:01 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 22:01 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 22:01 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 22:01 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 21:59 - 2015-01-30 05:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2015-03-10 21:59 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 21:59 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 21:59 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-10 21:59 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-10 21:59 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-10 21:59 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-10 20:59 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 20:59 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 20:59 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 20:59 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 20:59 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 20:59 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 20:59 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 20:59 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 20:59 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 20:59 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 20:59 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 20:59 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 20:59 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 20:59 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-10 20:59 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-10 20:59 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-10 20:59 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-10 20:59 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-10 20:59 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-10 20:59 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-10 20:59 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-10 20:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 20:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 20:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 20:58 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 20:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 20:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 20:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 20:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 20:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 20:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 20:58 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 20:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 20:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 20:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 20:58 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 20:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 20:58 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 20:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 20:58 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 20:58 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 20:58 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 20:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 20:58 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 20:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 20:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 20:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 20:58 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 20:58 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 20:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 20:58 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 20:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 20:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 20:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 20:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 20:58 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 20:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 20:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 20:58 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 20:58 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 20:58 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 20:58 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 20:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 20:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 20:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 20:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-02 10:55 - 2014-11-06 17:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 08:06 - 2014-07-06 23:06 - 01072099 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 22:57 - 2014-11-03 15:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001
2015-04-01 22:48 - 2014-11-06 17:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 22:48 - 2014-11-03 15:45 - 00000000 ___DO () C:\Users\Max\OneDrive
2015-04-01 12:14 - 2014-11-29 19:16 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Avira
2015-04-01 12:13 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-01 12:13 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 15:01 - 2014-12-21 13:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat
2015-03-31 01:24 - 2014-07-07 08:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-31 01:24 - 2014-07-07 08:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-31 01:24 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-31 01:17 - 2014-11-26 16:55 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-03-31 01:17 - 2013-08-22 16:46 - 00050302 _____ () C:\WINDOWS\setupact.log
2015-03-31 01:16 - 2014-11-07 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 01:16 - 2014-03-18 11:44 - 00149270 _____ () C:\WINDOWS\PFRO.log
2015-03-31 01:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-31 01:15 - 2014-07-07 00:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-31 01:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-31 01:14 - 2014-11-30 19:41 - 00000000 ____D () C:\AdwCleaner
2015-03-30 14:58 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Max\AppData\Local\Pokki
2015-03-24 19:44 - 2014-12-26 02:01 - 00000000 ____D () C:\Users\Max\OSBuddy
2015-03-21 20:56 - 2014-11-06 17:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 03:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-19 22:39 - 2014-07-07 00:26 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-03-12 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-11 13:18 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 00:26 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 00:25 - 2014-11-08 00:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 00:19 - 2014-11-08 00:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 20:53 - 2014-11-29 19:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 20:53 - 2014-11-29 19:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-10 20:53 - 2014-11-29 19:08 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-05 22:41 - 2014-07-06 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-04 23:24 - 2014-11-16 12:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2014-11-16 12:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Max\jagex_cl_oldschool_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE.dat
C:\Users\Max\jagex_cl_runescape_LIVE1.dat
C:\Users\Max\random.dat


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe
C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe
C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe
C:\Users\Max\AppData\Local\Temp\Quarantine.exe
C:\Users\Max\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-01 22:57

==================== End Of Log ============================
         
--- --- ---



Wars das? Hatte ich was schlimmes oben?
Danke vielmals!
LG

Alt 02.04.2015, 20:06   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Java und FLash udaten.

Adware und bissl Malware. Auf jeden Fall Passwörter ändern.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Max\random.dat
2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.04.2015, 22:18   #13
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Vielen Dank vorweg einmal für die tolle Hilfe, Spende kommt bestimmt.
Allerdings bin ich jetzt ganz schön paranoid.

Eine Frage habe ich noch.
Und zwar habe ich, nachdem der Laptop nach dem "Fix" von FRST neu gestartet wurde, Chrome gestartet und Adblock Plus hat sich wieder installiert.

Ich habs nun deinstalliert, nachdem ich "Adblock Plus Malware" gegoogled habe.
(Es scheint harmlos zu sein, aber ich wollte lieber auf Nummer Sicher gehen)

Soll ich den Adblocker ganz weglassen? Gibt es eine empfehlenswerte alternative?

Streaming Seiten werde ich jetzt wohl ganz lassen denke ich, die habe ich wohl sehr unterschätzt.


Und hier noch der Fixlist log.
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Max at 2015-04-02 22:55:17 Run:1
Running from C:\Users\Max\Desktop
Loaded Profiles: Max &  (Available profiles: Max)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Max\random.dat
2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
*****************

C:\Users\Max\random.dat => Moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
EmptyTemp: => Removed 1.4 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-02 22:57:51)<=

C:\ProgramData\DP45977C.lfl => Is moved successfully.

==== End of Fixlog 22:57:51 ====
         
LG


EDIT: Mir ist aufgefallen, dass in der Checklog.txt die ich vorhin gepostet habe steht, dass "Java version 32-bit out of Date!" ist.
Das ist aber ein 64-bit Betriebssystem, habe ich die falsche Java Software installiert?
Java und Flash habe ich geupdated.

EDIT 2: Kurze Frage zu den Windows Updates, was ist denn mit den optionalen Updates?
Empfiehlt es sich diese zu installieren?

EDIT 3: Sorry wegen den ganzen Edits.
Habe mir jetzt Emisoft heruntergeladen und mir gefällt es ganz gut, allerdings habe ich nach der Installation den Schnelltest gestartet und er hat 2 unerwünschte Sachen gefunden.


Ausgewähltes habe ich in Quarantäne verschoben
Hier der Log:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 02.04.2015 23:49:50
Benutzerkonto: DONQUIXOTE_D\Max

Scan-Einstellungen:

Scan Methode: Schnelltest
Objekte: Rootkits, Speicher, Traces

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	02.04.2015 23:50:48
Value: HKEY_USERS\S-1-5-21-4212791573-526093383-3597010243-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4212791573-526093383-3597010243-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)

Gescannt	59224
Gefunden	2

Scan-Ende:	02.04.2015 23:51:41
Scan-Zeit:	0:00:53
         
Sorry

Geändert von himynameis (02.04.2015 um 23:08 Uhr)

Alt 03.04.2015, 13:35   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Ein Adblocker ist ein Muss im Browser. Adblock Edge als Addon kannste ja mal installieren.
Optionale Updates sind Optional, ich installiere sie aber immer.

Java 32bit reicht, läuft auch auf 64Bit.

Die beiden Funde kommen auch gerne von Security Software, einfach entfernen und gut is
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.04.2015, 15:05   #15
himynameis
 
Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Standard

Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen



Nochmal eine kurze Frage und zwar habe ich gestern die Programme durchkämmt die ich oben habe.

Unter anderem habe ich da "Start Menu" vom Herausgeber "Pokki"
Der Name kam mir bekannt vor und man findet auch nicht viel gutes darüber.

Wenn ich auf deinstallieren klicke, komme ich zu folgendem Pfad:
C:\WINDOWS\System32

Bedeutet das, das es schon deinstalliert wurde, aber trotzdem noch bei den Programmen auftaucht, oder ist da etwas falsch?

LG

EDIT: Installiert wurde das Programm am 21.3.2015

Geändert von himynameis (05.04.2015 um 15:10 Uhr)

Antwort

Themen zu Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen
avira, client, dllhost.exe, dnsapi.dll, e-mail, escape, fehler, file, folge, fund, geändert, infos, lenovo ideapad, livecomm.exe, namens, neu, nichts, online, online banking, passwort, rechner, scannen, software, spiele, suchmaschine, virus, windows, yahoo, zugriff



Ähnliche Themen: Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen


  1. Adware.Gen2 und 3 mal Java.Rafold.V.Gen und Java Ternewb
    Plagegeister aller Art und deren Bekämpfung - 06.04.2015 (15)
  2. Avira Fund exp/java.ternub.gen
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (15)
  3. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  4. Avira meldet Fund EXP/Java.AM
    Log-Analyse und Auswertung - 23.01.2013 (31)
  5. Fund JAVA/Dldr.Lamar.GA
    Log-Analyse und Auswertung - 21.10.2012 (28)
  6. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  7. (2x) Antivir Fund: Java:Downloader-BQ [Expl]
    Mülltonne - 01.07.2012 (1)
  8. Avira Fund in 2 Java Dateien : EXP/12-0507.B.1.A
    Log-Analyse und Auswertung - 24.04.2012 (9)
  9. Fund JAVA/ROWINDAL.A
    Plagegeister aller Art und deren Bekämpfung - 12.07.2011 (5)
  10. Trojaner Fund-Java Agent?
    Plagegeister aller Art und deren Bekämpfung - 31.03.2011 (1)
  11. Avira Fund Java/Exdoer.A
    Plagegeister aller Art und deren Bekämpfung - 14.03.2011 (4)
  12. Java Trojaner Fund trotz deinstaliertem Java
    Plagegeister aller Art und deren Bekämpfung - 20.02.2011 (3)
  13. Kein guter Fund: JAVA/Mesdeh.D & JAVA/Agent
    Log-Analyse und Auswertung - 11.02.2011 (24)
  14. TR/Crypt.XPACK.Gen und JAVA/Small.Y fund
    Log-Analyse und Auswertung - 01.02.2011 (7)
  15. Antivir Fund --> JAVA/C-2009-3867.EH
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (37)
  16. dnschanger, fakealert, kein Fund mit G data, Fund mit antimalwarebytes
    Log-Analyse und Auswertung - 07.06.2010 (11)
  17. AntiVir Fund: Erkennungsmuster Java-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.03.2010 (1)

Zum Thema Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen - Hallo liebe Trojaner-Board Community! Gestern erhielt ich ein E-Mail, in dem stand, dass sich jemand Zugriff zu meinem Yahoo Konto verschafft hat und zwar aus den U.S.A. Daraufhin änderte ich - Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen...
Archiv
Du betrachtest: Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.