Virusmeldung nach Einstecken des USB-Sticks, seitdem Probleme

Syrdarja · 13.06.2015, 11:30

Hej,

neulich habe ich eine Virusmeldung bekommen nachdem ich mit meinem USB-Stick in einem dubiosen Copyshop war und diesen dann an meinen PC angeschlossen habe.
Ich habe daraufhin alles, was sich auf dem Stick befand gelöscht und das Antivirusprogramm durchlaufen lassen ("avast free antivirus"). Danach hatte ich erstmal keine Probleme mehr, bis in den letzten Tagen bemerkt habe, dass mein PC sich komisch verhält. Er braucht ungewöhnlich lange um hochzufahren und manchmal kann man ihn nach dem Hochfahren gar nicht bedienen. Er lässt sich manchmal auch nicht mehr herunterfahren. Zudem funktioniert alles viel langsamer als zuvor. Nun bin ich mir nicht sicher ob das alles mit der Virusmeldung zusammenhängt oder ob einfach nur mein PC langsam rumspinnt (er ist jetzt zwei Jahre alt und die Garantie gerade abgelaufen..)

Könnt ihr mir da weiterhelfen?

Viele Grüße und Danke im Voraus

Syrdarja

M-K-D-B · 13.06.2015, 11:46

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Syrdarja · 13.06.2015, 13:27

Hi Matthias
danke für die schnelle Antowort!

also erstmal aus dem FRST-Fenster:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by User (administrator) on USER-PC on 13-06-2015 14:19:24
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Wistron Corp.) C:\Program Files (x86)\Wistron Corp\Airplane LED\WisLMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo) C:\Program Files\Lenovo\QuickSnipService\QuickSnipInput.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
(Wistron Corp.) C:\Program Files (x86)\Wistron Corp\Airplane LED\AirplaneLed.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [2645568 2012-11-08] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [572992 2012-10-17] (Lenovo Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [741680 2012-11-09] (Lenovo)
HKLM-x32\...\Run: [{F987D533-0D6A-4191-8EF7-8E91505ACF9A}] => C:\Program Files (x86)\Wistron Corp\Airplane LED\AirplaneLed.exe [471952 2012-07-02] (Wistron Corp.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001 -> DefaultScope {3A773D89-1F85-4CE8-9AF5-CBC9D5093DD0} URL = 
SearchScopes: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001 -> {3A773D89-1F85-4CE8-9AF5-CBC9D5093DD0} URL = 
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-08-31] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-08-31] (AuthenTec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2012-08-31] (AuthenTec, Inc)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-01-10] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2024232573-3343981941-3030056430-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-12-14] (Intel)
FF Plugin HKU\S-1-5-21-2024232573-3343981941-3030056430-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-12-14] (Intel)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-07]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-07]
CHR Extension: (Readium) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-07]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-26]
CHR Extension: (Website Logon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2013-10-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-11-20] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-25] (Broadcom Corporation.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [139568 2012-11-09] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc)
R2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [661056 2012-10-17] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [460864 2012-11-08] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [458304 2012-10-26] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-01-10] (Nitro PDF Software)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-09-27] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Wistron Corp\Airplane LED\WisLMSvc.exe [118672 2012-07-02] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2013-03-18] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [63792 2012-11-09] (Windows (R) Win 7 DDK provider)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 14:19 - 2015-06-13 14:20 - 00019876 _____ C:\Users\User\Downloads\FRST.txt
2015-06-13 14:19 - 2015-06-13 14:19 - 00000000 ____D C:\FRST
2015-06-13 14:18 - 2015-06-13 14:18 - 02108928 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-06-10 09:07 - 2015-06-03 18:18 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-10 09:07 - 2015-06-03 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 20:33 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 20:33 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 20:33 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 20:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 20:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 20:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 20:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 20:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 20:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 20:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 20:32 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 20:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 20:32 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 20:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 20:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 20:32 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 20:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 20:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 20:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 20:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 20:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 20:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 20:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 20:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 20:32 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 20:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 20:32 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 20:32 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 20:32 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 20:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 20:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 20:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 20:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 20:32 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 20:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 20:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 20:32 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-02 23:45 - 2015-06-02 23:45 - 00009058 _____ C:\Users\User\Desktop\Identität.odt
2015-05-26 20:31 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-26 20:31 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-26 20:31 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-26 20:31 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-26 20:31 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-26 20:31 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-26 20:31 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-26 20:31 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-26 20:30 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-26 20:30 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-26 20:30 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-26 20:30 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-26 20:30 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-26 20:30 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-26 20:29 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-26 20:29 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-26 20:28 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-26 20:28 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-26 20:28 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-26 20:28 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-26 20:28 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-26 20:28 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-26 20:27 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-26 20:27 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-26 20:27 - 2015-03-13 02:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-26 20:27 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-26 20:27 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-26 13:26 - 2015-05-28 13:32 - 00000000 ____D C:\Users\User\Desktop\Referat
2015-05-26 13:16 - 2015-05-26 13:16 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-26 13:16 - 2015-05-26 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 13:15 - 2015-05-26 13:15 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-26 13:14 - 2015-05-26 13:14 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-26 12:07 - 2015-05-26 12:07 - 02997380 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeDownload3.2.58.505.exe
2015-05-21 22:06 - 2015-05-21 22:14 - 00000000 ____D C:\Users\User\Desktop\dialekt
2015-05-20 21:13 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-20 21:13 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 14:20 - 2013-10-07 06:19 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 14:08 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-13 14:08 - 2013-11-14 09:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-13 14:08 - 2013-11-14 09:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-13 14:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-13 14:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-13 12:46 - 2013-10-03 17:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2024232573-3343981941-3030056430-1001
2015-06-13 12:30 - 2014-01-03 19:14 - 01254256 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-13 12:21 - 2014-01-20 14:41 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E0A4A87-0589-4754-8335-E71DA9CE72FA}
2015-06-13 12:06 - 2013-03-18 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList
2015-06-13 12:03 - 2013-11-09 00:21 - 00000000 ___RD C:\Users\User\Dropbox
2015-06-13 12:03 - 2013-11-07 15:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2015-06-13 12:03 - 2013-03-18 21:09 - 629145600 ___SH C:\WINDOWS\lenovo_fastboot.img
2015-06-13 12:02 - 2014-01-03 19:32 - 00000000 ___DO C:\Users\User\SkyDrive
2015-06-13 12:02 - 2013-10-07 06:19 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 23:53 - 2013-10-03 17:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2015-06-12 23:49 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-12 23:48 - 2013-08-22 16:46 - 00304176 _____ C:\WINDOWS\setupact.log
2015-06-12 23:47 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 09:36 - 2013-10-07 06:26 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 09:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-10 09:06 - 2013-08-22 16:44 - 00362760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 23:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-09 20:37 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-09 20:04 - 2013-10-07 07:26 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-02 23:45 - 2014-05-18 20:04 - 00114688 ___SH C:\Users\User\Desktop\Thumbs.db
2015-05-30 12:07 - 2013-11-14 00:18 - 00096372 _____ C:\WINDOWS\PFRO.log
2015-05-28 13:33 - 2014-01-10 20:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-05-28 13:26 - 2014-03-15 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 13:26 - 2014-01-10 20:33 - 00000000 ____D C:\ProgramData\Skype
2015-05-28 13:25 - 2014-12-03 10:38 - 00001097 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-05-28 00:26 - 2014-01-07 17:23 - 00961024 ___SH C:\Users\User\Downloads\Thumbs.db
2015-05-27 21:55 - 2013-10-08 14:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-27 21:42 - 2013-10-08 14:53 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-26 22:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-26 21:31 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-26 13:21 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-26 13:15 - 2014-04-29 12:40 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-26 13:15 - 2014-01-04 23:18 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-26 13:15 - 2013-10-07 07:27 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-26 13:15 - 2013-10-07 07:27 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-26 13:14 - 2013-10-07 07:27 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-20 00:15 - 2013-10-07 06:19 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 00:15 - 2013-10-07 06:19 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 00:05 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2013-09-20 14:02 - 2013-09-20 14:02 - 153313362 _____ () C:\Program Files (x86)\openoffice1.cab
2013-09-20 14:00 - 2013-09-20 14:00 - 2269184 _____ () C:\Program Files (x86)\openoffice401.msi
2013-09-20 14:00 - 2013-09-20 14:00 - 0475136 _____ () C:\Program Files (x86)\setup.exe
2013-09-20 14:00 - 2013-09-20 14:00 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2013-10-03 15:03 - 2013-10-03 15:03 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2013-03-18 21:11 - 2013-03-18 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-14358.vbs
2013-03-18 21:19 - 2015-06-13 14:08 - 7102852 _____ () C:\ProgramData\MH_ErrorLog.txt

Files to move or delete:
====================
C:\ProgramData\Lenovo-14358.vbs


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmmez2.dll
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-10 21:29

==================== End of log ============================

--- --- ---

und das Addition-Fenster:
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by User at 2015-06-13 14:21:48
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2024232573-3343981941-3030056430-500 - Administrator - Disabled)
Gast (S-1-5-21-2024232573-3343981941-3030056430-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2024232573-3343981941-3030056430-1020 - Limited - Enabled)
User (S-1-5-21-2024232573-3343981941-3030056430-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Airplane LED (HKLM-x32\...\{F987D533-0D6A-4191-8EF7-8E91505ACF9A}) (Version: 1.00.000 - )
AMD Catalyst Install Manager (HKLM\...\{C0ACFCBB-01D7-AAD1-1FB2-0C8A3D1312D2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.10.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.26 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.00 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2600 - Broadcom Corporation)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.07 - )
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0036 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.0.17.0 - Lenovo Corporation)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 1.0.5.6 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 1.0.0.26 - Lenovo)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.00.0019 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{73CBF5CA-73F0-41A7-87CD-190746E41263}) (Version: 8.0.10.9 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Password Vault (HKLM\...\{1CACE706-D749-44CA-BBFE-AF60946D1B18}) (Version: 6.0.200.75 - AuthenTec, Inc.)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39032 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

26-05-2015 13:12:30 avast! antivirus system restore point
02-06-2015 19:30:28 Geplanter Prüfpunkt
09-06-2015 20:34:24 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {125CAC4B-1E3E-4090-AB4E-928EC6C7B73C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3EB9F385-745F-4800-B5AC-0FBB75885513} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.)
Task: {460B9DFF-5847-4940-B61F-393010540FF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {534DABF8-02FA-482E-B35D-9D6903DE0952} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5401DBB9-6F5A-4E21-AAD2-A4DBB5FE4208} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6C621513-4F1B-4D5D-90C7-1BC23597467D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6F5B879F-BA12-4A12-A2B5-6F4EE4C4038C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {74A05EE0-A72F-4E54-98E3-3883E8D9C191} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {855BBD32-C8AF-4C5E-B534-5F01E7E611AF} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {A8D04090-D01E-4FB2-9C01-0B31F31516F8} - System32\Tasks\Lenovo\Lenovo-14358 => C:\ProgramData\Lenovo-14358.vbs [2013-03-18] ()
Task: {C1D71EE0-0B66-4B87-A5CC-896E0A2BF1EB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {D3E319AD-30F0-4B94-9ACD-25610678A098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {DF688517-EAFA-487A-9C35-4E867C5F3D16} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2012-09-27] ()
Task: {E5E86F0F-F8B5-4BF5-AB32-CAFC2B479845} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {FEBE7BBA-F1D6-4EEC-A256-4E74B420A38D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-09-25 19:34 - 2012-09-25 19:34 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-03-18 21:15 - 2012-10-30 07:16 - 00115200 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-03-02 14:01 - 2015-03-02 14:01 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\84819467f44d3da49aa14236af8fcc9a\Windows.Networking.ni.dll
2012-10-26 17:44 - 2012-10-26 17:44 - 00458304 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2012-10-26 17:44 - 2012-10-26 17:44 - 00013888 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2012-08-31 05:44 - 2012-08-31 05:44 - 04622184 _____ () C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe
2012-08-31 05:43 - 2012-08-31 05:43 - 01130344 _____ () C:\Program Files\Lenovo Fingerprint Reader\DataManager.dll
2012-08-31 05:43 - 2012-08-31 05:43 - 00087400 _____ () C:\Program Files\Lenovo Fingerprint Reader\ssutil.dll
2015-05-26 13:14 - 2015-05-26 13:14 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-26 13:14 - 2015-05-26 13:14 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-10 22:54 - 2015-06-10 22:54 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061001\algo.dll
2015-06-12 23:49 - 2015-06-12 23:49 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061201\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-18 21:09 - 2012-11-09 05:14 - 00033072 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-03-18 21:16 - 2012-10-15 21:10 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-03-18 21:16 - 2012-10-15 21:10 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-06-13 12:02 - 2015-06-13 12:02 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmmez2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-26 13:14 - 2015-05-26 13:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-31 05:44 - 2012-08-31 05:44 - 00900456 _____ () C:\Program Files\Lenovo Fingerprint Reader\x86\DataManager.dll
2015-06-10 09:36 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 09:36 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\User\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5C84F131-9BB6-42ED-93FD-A1CC4C6357CB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BDC7DF2B-0AB4-4A9B-83EF-0F3E0350551F}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0D0AF845-FFC9-4E02-84C8-4186FD848D2B}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{66272F81-D2C3-49AF-8ACB-3595E37553B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADAEC500-58EB-4F6D-B744-F7A6379C2E9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D2BECFC-855A-4A1E-8B95-0CA20D2A967F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D640E4FF-6D6A-4231-9B0C-C4834261BA4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89655C60-11EF-4BD1-B13C-B76EDC775446}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{23298D91-18F8-4E50-893B-70CBBAD5B093}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{2A4D6AD3-CFD9-4BCA-8B40-94176481901D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87A0F380-8048-4B6D-8988-609A91C38739}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{69EA4EC0-C4BC-4660-AD53-6E340A962AA2}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{DEAF1ABA-E066-4384-B6DE-815C59D2F2B1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9EDEE94F-5327-4B2C-9004-8905D8346B90}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{46E45D00-6BAB-4BE6-8D5E-8F67A3032D51}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{F8AD3BD2-DBF2-4E5A-9729-731EAF4AF072}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{DD4AB4DF-7693-44BF-890A-DF42146EDEF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2015 02:08:50 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:49 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:49 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:46 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/13/2015 02:08:17 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:15 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/13/2015 02:06:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/13/2015 02:06:06 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:06:05 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:06:02 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml


System errors:
=============
Error: (06/13/2015 00:50:11 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/12/2015 11:56:34 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/12/2015 11:56:33 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/12/2015 11:49:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/12/2015 11:49:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht.

Error: (06/12/2015 11:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%31

Error: (06/12/2015 11:48:37 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (06/12/2015 11:47:41 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Diagnostics Tracking Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (06/12/2015 11:47:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/12/2015 11:47:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office:
=========================
Error: (06/13/2015 02:08:50 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:49 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:49 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:46 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/13/2015 02:08:17 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:08:15 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/13/2015 02:06:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/13/2015 02:06:06 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:06:05 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/13/2015 02:06:02 PM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml


==================== Memory info =========================== 

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3636.86 MB
Available physical RAM: 1733.53 MB
Total Pagefile: 4276.86 MB
Available Pagefile: 2076.56 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:453.91 GB) (Free:385.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A8FAE3A2)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

Syrdarja · 13.06.2015, 13:38

Und jetzt noch das TDSS.Killer-Ding:

Code:

ATTFilter

14:31:38.0642 0x0e9c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:31:38.0642 0x0e9c  UEFI system
14:31:57.0987 0x0e9c  ============================================================
14:31:57.0987 0x0e9c  Current date / time: 2015/06/13 14:31:57.0987
14:31:57.0987 0x0e9c  SystemInfo:
14:31:57.0987 0x0e9c  
14:31:57.0987 0x0e9c  OS Version: 6.3.9600 ServicePack: 0.0
14:31:57.0987 0x0e9c  Product type: Workstation
14:31:57.0987 0x0e9c  ComputerName: USER-PC
14:31:57.0987 0x0e9c  UserName: User
14:31:57.0987 0x0e9c  Windows directory: C:\WINDOWS
14:31:57.0987 0x0e9c  System windows directory: C:\WINDOWS
14:31:57.0987 0x0e9c  Running under WOW64
14:31:57.0987 0x0e9c  Processor architecture: Intel x64
14:31:57.0987 0x0e9c  Number of processors: 2
14:31:57.0987 0x0e9c  Page size: 0x1000
14:31:57.0987 0x0e9c  Boot type: Normal boot
14:31:57.0987 0x0e9c  ============================================================
14:31:59.0097 0x0e9c  KLMD registered as C:\WINDOWS\system32\drivers\20112162.sys
14:32:01.0223 0x0e9c  System UUID: {E3B68E0C-5D6D-BCC7-1380-AAA55187C9B5}
14:32:02.0586 0x0e9c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:32:02.0602 0x0e9c  ============================================================
14:32:02.0602 0x0e9c  \Device\Harddisk0\DR0:
14:32:02.0618 0x0e9c  GPT partitions:
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {2446BDE4-8A0B-4651-BEA8-3CF3C85E929B}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3C6CED70-84FB-4091-9637-14DC7C76200A}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8556F7D8-DEED-491A-969D-770845899890}, Name: Microsoft reserved partition, StartLBA 0x276800, BlocksNum 0x40000
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FA95E73A-523A-434A-B4FE-55A486DB6572}, Name: Basic data partition, StartLBA 0x2B6800, BlocksNum 0x38BD3800
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {43D3B92A-597A-4C6A-89CF-B3861FB24135}, Name: , StartLBA 0x38E8A000, BlocksNum 0xAF000
14:32:02.0618 0x0e9c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4203CA7F-73F2-409D-ADC4-52D24542059C}, Name: , StartLBA 0x38F39000, BlocksNum 0x144D000
14:32:02.0618 0x0e9c  MBR partitions:
14:32:02.0618 0x0e9c  ============================================================
14:32:02.0660 0x0e9c  C: <-> \Device\Harddisk0\DR0\Partition4
14:32:02.0664 0x0e9c  ============================================================
14:32:02.0664 0x0e9c  Initialize success
14:32:02.0664 0x0e9c  ============================================================
14:32:57.0686 0x0468  ============================================================
14:32:57.0686 0x0468  Scan started
14:32:57.0686 0x0468  Mode: Manual; 
14:32:57.0686 0x0468  ============================================================
14:32:57.0686 0x0468  KSN ping started
14:33:00.0157 0x0468  KSN ping finished: true
14:33:01.0642 0x0468  ================ Scan system memory ========================
14:33:01.0642 0x0468  System memory - ok
14:33:01.0642 0x0468  ================ Scan services =============================
14:33:01.0907 0x0468  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
14:33:01.0923 0x0468  1394ohci - ok
14:33:02.0001 0x0468  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
14:33:02.0016 0x0468  3ware - ok
14:33:02.0126 0x0468  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
14:33:02.0141 0x0468  ACPI - ok
14:33:02.0173 0x0468  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
14:33:02.0173 0x0468  acpiex - ok
14:33:02.0188 0x0468  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
14:33:02.0188 0x0468  acpipagr - ok
14:33:02.0235 0x0468  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
14:33:02.0235 0x0468  AcpiPmi - ok
14:33:02.0251 0x0468  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
14:33:02.0251 0x0468  acpitime - ok
14:33:02.0313 0x0468  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
14:33:02.0345 0x0468  ADP80XX - ok
14:33:02.0392 0x0468  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
14:33:02.0407 0x0468  AeLookupSvc - ok
14:33:02.0470 0x0468  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
14:33:02.0501 0x0468  AFD - ok
14:33:02.0532 0x0468  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
14:33:02.0548 0x0468  agp440 - ok
14:33:02.0579 0x0468  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
14:33:02.0579 0x0468  ahcache - ok
14:33:02.0626 0x0468  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
14:33:02.0626 0x0468  ALG - ok
14:33:02.0688 0x0468  [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
14:33:02.0704 0x0468  AMD External Events Utility - ok
14:33:02.0720 0x0468  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
14:33:02.0735 0x0468  AmdK8 - ok
14:33:03.0440 0x0468  [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
14:33:03.0972 0x0468  amdkmdag - ok
14:33:04.0117 0x0468  [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
14:33:04.0148 0x0468  amdkmdap - ok
14:33:04.0179 0x0468  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
14:33:04.0179 0x0468  AmdPPM - ok
14:33:04.0242 0x0468  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
14:33:04.0242 0x0468  amdsata - ok
14:33:04.0273 0x0468  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
14:33:04.0289 0x0468  amdsbs - ok
14:33:04.0304 0x0468  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
14:33:04.0304 0x0468  amdxata - ok
14:33:04.0351 0x0468  [ A2EFE3869B976296E097DEF368280F95, 121CD4A16146A9DF59D6E415181F48CA0D1DCD4D2B6BC4CBDABC2F3D296E28C6 ] amd_sata        C:\WINDOWS\system32\drivers\amd_sata.sys
14:33:04.0351 0x0468  amd_sata - ok
14:33:04.0382 0x0468  [ 625396421C29FB305C6C6235D01130B8, 3FAF8D3B530F1B74B2C9B0ED3377836746CE2D0A4008E1BC454095671AC9E1AF ] amd_xata        C:\WINDOWS\system32\drivers\amd_xata.sys
14:33:04.0382 0x0468  amd_xata - ok
14:33:04.0414 0x0468  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
14:33:04.0429 0x0468  AppID - ok
14:33:04.0445 0x0468  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
14:33:04.0445 0x0468  AppIDSvc - ok
14:33:04.0492 0x0468  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
14:33:04.0492 0x0468  Appinfo - ok
14:33:04.0570 0x0468  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:33:04.0586 0x0468  Apple Mobile Device - ok
14:33:04.0664 0x0468  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
14:33:04.0710 0x0468  AppReadiness - ok
14:33:04.0820 0x0468  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
14:33:04.0882 0x0468  AppXSvc - ok
14:33:04.0929 0x0468  [ 44695679881DEB85CAD7C249B151066E, A44413ACA911DDB5757DE9F9ECC3968979C47617CF9DF81B24E7ECDE7E0D54BC ] APXACC          C:\WINDOWS\system32\DRIVERS\appexDrv.sys
14:33:04.0945 0x0468  APXACC - ok
14:33:04.0961 0x0468  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
14:33:04.0976 0x0468  arcsas - ok
14:33:04.0992 0x0468  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
14:33:04.0992 0x0468  aswHwid - ok
14:33:05.0039 0x0468  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
14:33:05.0039 0x0468  aswMonFlt - ok
14:33:05.0070 0x0468  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
14:33:05.0086 0x0468  aswRdr - ok
14:33:05.0101 0x0468  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
14:33:05.0117 0x0468  aswRvrt - ok
14:33:05.0179 0x0468  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
14:33:05.0226 0x0468  aswSnx - ok
14:33:05.0273 0x0468  [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
14:33:05.0289 0x0468  aswSP - ok
14:33:05.0320 0x0468  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
14:33:05.0336 0x0468  aswStm - ok
14:33:05.0367 0x0468  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
14:33:05.0382 0x0468  aswVmm - ok
14:33:05.0414 0x0468  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
14:33:05.0414 0x0468  atapi - ok
14:33:05.0476 0x0468  [ 87DAD8D354E312DB16636DC71EB39E5E, 904C874799BF30F06BFC725A59040C6E1B7D176011DA41D1ACBE4CAB20369671 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdW86.sys
14:33:05.0476 0x0468  AtiHDAudioService - ok
14:33:05.0523 0x0468  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
14:33:05.0539 0x0468  AudioEndpointBuilder - ok
14:33:05.0601 0x0468  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
14:33:05.0648 0x0468  Audiosrv - ok
14:33:05.0742 0x0468  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:33:05.0773 0x0468  avast! Antivirus - ok
14:33:05.0820 0x0468  [ A1053E63A2C435F0A7E148BA10085DF8, E2B2F0F6AD3EB4D8DC6F890E1E338A271A1EC360049F396B88945B15D878429C ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
14:33:05.0820 0x0468  avast! Firewall - ok
14:33:05.0851 0x0468  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
14:33:05.0867 0x0468  AxInstSV - ok
14:33:05.0945 0x0468  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
14:33:05.0976 0x0468  b06bdrv - ok
14:33:06.0023 0x0468  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
14:33:06.0039 0x0468  BasicDisplay - ok
14:33:06.0070 0x0468  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
14:33:06.0087 0x0468  BasicRender - ok
14:33:06.0134 0x0468  [ 70433F7A216BD0B5EC7DA1202EE53E65, 12F3210EC5546714B34225770242F5CF4AC36032BB49A8E8989620BA274AC505 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
14:33:06.0150 0x0468  bcbtums - ok
14:33:06.0572 0x0468  [ 73D175B291DDE56AE609BA1422E236CC, F483B2C276014690D939BFC8934C63488CEA7DEB1C70C1A7D36A99A584A8307B ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys
14:33:06.0931 0x0468  BCM43XX - ok
14:33:07.0119 0x0468  [ 18B186BCC56EC611DE519CBA7D4F65B0, 6F2520AAFDAA4208717DCD121527911D580727C5A6B8C4C7F07C4155C4D8662D ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
14:33:07.0228 0x0468  BcmBtRSupport - ok
14:33:07.0275 0x0468  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
14:33:07.0275 0x0468  bcmfn2 - ok
14:33:07.0322 0x0468  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
14:33:07.0337 0x0468  BDESVC - ok
14:33:07.0377 0x0468  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:33:07.0379 0x0468  Beep - ok
14:33:07.0444 0x0468  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
14:33:07.0490 0x0468  BFE - ok
14:33:07.0553 0x0468  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
14:33:07.0600 0x0468  BITS - ok
14:33:07.0662 0x0468  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:33:07.0678 0x0468  Bonjour Service - ok
14:33:07.0709 0x0468  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
14:33:07.0709 0x0468  bowser - ok
14:33:07.0756 0x0468  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
14:33:07.0772 0x0468  BrokerInfrastructure - ok
14:33:07.0803 0x0468  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
14:33:07.0819 0x0468  Browser - ok
14:33:07.0850 0x0468  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
14:33:07.0850 0x0468  BthAvrcpTg - ok
14:33:07.0912 0x0468  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
14:33:07.0912 0x0468  BthEnum - ok
14:33:07.0944 0x0468  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
14:33:07.0959 0x0468  BthHFEnum - ok
14:33:07.0975 0x0468  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
14:33:07.0990 0x0468  bthhfhid - ok
14:33:08.0037 0x0468  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
14:33:08.0053 0x0468  BthHFSrv - ok
14:33:08.0115 0x0468  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
14:33:08.0131 0x0468  BthLEEnum - ok
14:33:08.0147 0x0468  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
14:33:08.0162 0x0468  BTHMODEM - ok
14:33:08.0194 0x0468  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
14:33:08.0209 0x0468  BthPan - ok
14:33:08.0334 0x0468  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
14:33:08.0397 0x0468  BTHPORT - ok
14:33:08.0444 0x0468  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
14:33:08.0459 0x0468  bthserv - ok
14:33:08.0491 0x0468  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
14:33:08.0506 0x0468  BTHUSB - ok
14:33:08.0537 0x0468  [ 20C8EB70C0B179DF06A01CA503F4A824, 1C2DADCBC5D85C1D4F6A28B7F374C829E6DCE0EB720EBDA43CF6AC0AC934AA5E ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
14:33:08.0553 0x0468  btwampfl - ok
14:33:08.0584 0x0468  [ 45071792CC5A8AD675B7DBFB35CB105E, DAD447FD18AF2CE1CFB9BF1DD7F83B9BB62CD90FA7C74A54DC5CF17801FDB1D8 ] btwaudio        C:\WINDOWS\system32\drivers\btwaudio.sys
14:33:08.0600 0x0468  btwaudio - ok
14:33:08.0615 0x0468  [ F449D1FA995781C9E64D66AA890602D3, 602BE2A58ACCBCBCAD23C8F96D7AF995B5BF0B7887E72C7FEF1535B1D429DF00 ] btwavdt         C:\WINDOWS\System32\drivers\btwavdt.sys
14:33:08.0631 0x0468  btwavdt - ok
14:33:08.0740 0x0468  [ 3C171492968E0D3429F1A8C25B09D84F, 6F9D4D85850DC48B648B1038C1595D5AC8BCFCB0386C2517CCE72EC862CBB682 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
14:33:08.0787 0x0468  btwdins - ok
14:33:08.0803 0x0468  [ C3C8974D99F976C927165363855690CD, 2B73E11FE341DE581CFF655E58C5671B83F4331529C30DADCAA9B6BE615D5E1F ] btwl2cap        C:\WINDOWS\system32\DRIVERS\btwl2cap.sys
14:33:08.0803 0x0468  btwl2cap - ok
14:33:08.0819 0x0468  [ 061369D0DE3F69CDE564EC02FC26C3AB, 250AA9372F46B4530B148DFA9870FCE844E19677AE35D9A8E261FCC8B2A1E495 ] btwrchid        C:\WINDOWS\System32\drivers\btwrchid.sys
14:33:08.0819 0x0468  btwrchid - ok
14:33:08.0850 0x0468  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
14:33:08.0850 0x0468  cdfs - ok
14:33:08.0897 0x0468  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
14:33:08.0897 0x0468  cdrom - ok
14:33:08.0944 0x0468  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
14:33:08.0944 0x0468  CertPropSvc - ok
14:33:08.0975 0x0468  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
14:33:08.0990 0x0468  circlass - ok
14:33:09.0037 0x0468  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
14:33:09.0069 0x0468  CLFS - ok
14:33:09.0117 0x0468  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
14:33:09.0132 0x0468  CmBatt - ok
14:33:09.0179 0x0468  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
14:33:09.0211 0x0468  CNG - ok
14:33:09.0242 0x0468  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
14:33:09.0242 0x0468  CompositeBus - ok
14:33:09.0257 0x0468  COMSysApp - ok
14:33:09.0289 0x0468  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
14:33:09.0289 0x0468  condrv - ok
14:33:09.0336 0x0468  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
14:33:09.0336 0x0468  CryptSvc - ok
14:33:09.0382 0x0468  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
14:33:09.0382 0x0468  dam - ok
14:33:09.0461 0x0468  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:33:09.0507 0x0468  DcomLaunch - ok
14:33:09.0570 0x0468  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
14:33:09.0601 0x0468  defragsvc - ok
14:33:09.0648 0x0468  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
14:33:09.0664 0x0468  DeviceAssociationService - ok
14:33:09.0711 0x0468  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
14:33:09.0726 0x0468  DeviceInstall - ok
14:33:09.0757 0x0468  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
14:33:09.0773 0x0468  Dfsc - ok
14:33:09.0804 0x0468  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
14:33:09.0804 0x0468  dg_ssudbus - ok
14:33:09.0851 0x0468  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
14:33:09.0867 0x0468  Dhcp - ok
14:33:10.0023 0x0468  [ 9703EC57F5BBB94F89CA80A5D0C12221, 29639F73AA86AA42401A1DB0AF4E76012E617879EC03AD7591210164BA105EBF ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
14:33:10.0101 0x0468  DiagTrack - ok
14:33:10.0148 0x0468  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
14:33:10.0148 0x0468  disk - ok
14:33:10.0164 0x0468  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
14:33:10.0164 0x0468  dmvsc - ok
14:33:10.0211 0x0468  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:33:10.0226 0x0468  Dnscache - ok
14:33:10.0273 0x0468  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:33:10.0289 0x0468  dot3svc - ok
14:33:10.0320 0x0468  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
14:33:10.0320 0x0468  DPS - ok
14:33:10.0367 0x0468  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:33:10.0367 0x0468  drmkaud - ok
14:33:10.0414 0x0468  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
14:33:10.0429 0x0468  DsmSvc - ok
14:33:10.0554 0x0468  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
14:33:10.0648 0x0468  DXGKrnl - ok
14:33:10.0679 0x0468  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
14:33:10.0679 0x0468  Eaphost - ok
14:33:10.0914 0x0468  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
14:33:11.0086 0x0468  ebdrv - ok
14:33:11.0148 0x0468  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
14:33:11.0164 0x0468  EFS - ok
14:33:11.0211 0x0468  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
14:33:11.0226 0x0468  EhStorClass - ok
14:33:11.0258 0x0468  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
14:33:11.0258 0x0468  EhStorTcgDrv - ok
14:33:11.0273 0x0468  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
14:33:11.0289 0x0468  ErrDev - ok
14:33:11.0351 0x0468  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
14:33:11.0383 0x0468  EventSystem - ok
14:33:11.0414 0x0468  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
14:33:11.0429 0x0468  exfat - ok
14:33:11.0461 0x0468  [ 609C2E3170CA7DC9CD1547CA0BE0FA28, 5F644F45A14B684B5987802FE43DEB7EA99C5E727D3C00EB7CBCF3B0A7259741 ] Fastboot        C:\WINDOWS\system32\DRIVERS\fastboot.sys
14:33:11.0476 0x0468  Fastboot - ok
14:33:11.0523 0x0468  [ 378A75B486A6B18C975FDEE63FCFF991, 6C113D75318FD2BB0DC7DFBC1A9BEB7F5A7504332D5298198957DA013DF23FEA ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
14:33:11.0523 0x0468  FastbootService - ok
14:33:11.0601 0x0468  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
14:33:11.0633 0x0468  fastfat - ok
14:33:11.0726 0x0468  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
14:33:11.0758 0x0468  Fax - ok
14:33:11.0789 0x0468  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
14:33:11.0789 0x0468  fdc - ok
14:33:11.0820 0x0468  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
14:33:11.0820 0x0468  fdPHost - ok
14:33:11.0867 0x0468  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
14:33:11.0867 0x0468  FDResPub - ok
14:33:11.0898 0x0468  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
14:33:11.0914 0x0468  fhsvc - ok
14:33:11.0945 0x0468  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
14:33:11.0945 0x0468  FileInfo - ok
14:33:11.0976 0x0468  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
14:33:11.0992 0x0468  Filetrace - ok
14:33:12.0008 0x0468  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
14:33:12.0008 0x0468  flpydisk - ok
14:33:12.0054 0x0468  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:33:12.0070 0x0468  FltMgr - ok
14:33:12.0184 0x0468  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\WINDOWS\system32\FntCache.dll
14:33:12.0277 0x0468  FontCache - ok
14:33:12.0434 0x0468  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:33:12.0434 0x0468  FontCache3.0.0.0 - ok
14:33:12.0652 0x0468  [ 0BBC120A3B91DF55E6925E84A8018CEB, D0AD0957096D56A01DAB91ACD847EAC392EA16A23D0532A4125D4055585D4437 ] FPLService      C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
14:33:12.0793 0x0468  FPLService - ok
14:33:12.0840 0x0468  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
14:33:12.0840 0x0468  FsDepends - ok
14:33:12.0871 0x0468  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:33:12.0887 0x0468  Fs_Rec - ok
14:33:12.0949 0x0468  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
14:33:12.0981 0x0468  fvevol - ok
14:33:12.0996 0x0468  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
14:33:13.0012 0x0468  FxPPM - ok
14:33:13.0028 0x0468  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
14:33:13.0043 0x0468  gagp30kx - ok
14:33:13.0074 0x0468  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:33:13.0074 0x0468  GEARAspiWDM - ok
14:33:13.0106 0x0468  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
14:33:13.0121 0x0468  gencounter - ok
14:33:13.0153 0x0468  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
14:33:13.0168 0x0468  GPIOClx0101 - ok
14:33:13.0277 0x0468  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
14:33:13.0340 0x0468  gpsvc - ok
14:33:13.0387 0x0468  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:33:13.0387 0x0468  gupdate - ok
14:33:13.0402 0x0468  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:33:13.0418 0x0468  gupdatem - ok
14:33:13.0449 0x0468  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
14:33:13.0449 0x0468  HDAudBus - ok
14:33:13.0496 0x0468  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
14:33:13.0496 0x0468  HidBatt - ok
14:33:13.0543 0x0468  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
14:33:13.0543 0x0468  HidBth - ok
14:33:13.0559 0x0468  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
14:33:13.0574 0x0468  hidi2c - ok
14:33:13.0606 0x0468  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
14:33:13.0621 0x0468  HidIr - ok
14:33:13.0637 0x0468  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
14:33:13.0652 0x0468  hidserv - ok
14:33:13.0684 0x0468  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
14:33:13.0684 0x0468  HidUsb - ok
14:33:13.0715 0x0468  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
14:33:13.0731 0x0468  hkmsvc - ok
14:33:13.0777 0x0468  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
14:33:13.0793 0x0468  HomeGroupListener - ok
14:33:13.0856 0x0468  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
14:33:13.0871 0x0468  HomeGroupProvider - ok
14:33:13.0918 0x0468  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
14:33:13.0918 0x0468  HpSAMD - ok
14:33:14.0027 0x0468  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
14:33:14.0074 0x0468  HTTP - ok
14:33:14.0090 0x0468  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
14:33:14.0106 0x0468  hwpolicy - ok
14:33:14.0122 0x0468  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
14:33:14.0122 0x0468  hyperkbd - ok
14:33:14.0153 0x0468  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
14:33:14.0153 0x0468  HyperVideo - ok
14:33:14.0184 0x0468  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
14:33:14.0200 0x0468  i8042prt - ok
14:33:14.0215 0x0468  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
14:33:14.0215 0x0468  iaLPSSi_GPIO - ok
14:33:14.0247 0x0468  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
14:33:14.0247 0x0468  iaLPSSi_I2C - ok
14:33:14.0309 0x0468  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
14:33:14.0340 0x0468  iaStorAV - ok
14:33:14.0372 0x0468  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
14:33:14.0403 0x0468  iaStorV - ok
14:33:14.0434 0x0468  [ F2EF2B675F66F9CDA72C7BFB8943943C, F50012EEEFA02EFA86088DBC6CE3B7B2F8C9CB2DAF90BBB7E845079AD5CDC429 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:33:14.0450 0x0468  IBMPMDRV - ok
14:33:14.0465 0x0468  [ 0743476DCF2EFF253026FBDA2DA6F149, E8EE974496D75DEF2BBBD218F5A0CA9D92628B4B677222ECC8EB07495EFD89FA ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
14:33:14.0465 0x0468  IBMPMSVC - ok
14:33:14.0481 0x0468  IEEtwCollectorService - ok
14:33:14.0559 0x0468  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
14:33:14.0653 0x0468  IKEEXT - ok
14:33:14.0919 0x0468  [ DC052337C24A87AA1ACC8FCE4F2D5C7F, A438A7A519E9B05DAC2AB097BFBDCD42766E9EAA66054DD6946D27802F0B150A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:33:15.0137 0x0468  IntcAzAudAddService - ok
14:33:15.0216 0x0468  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
14:33:15.0216 0x0468  intelide - ok
14:33:15.0247 0x0468  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
14:33:15.0247 0x0468  intelpep - ok
14:33:15.0278 0x0468  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
14:33:15.0278 0x0468  intelppm - ok
14:33:15.0325 0x0468  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:33:15.0325 0x0468  IpFilterDriver - ok
14:33:15.0403 0x0468  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
14:33:15.0450 0x0468  iphlpsvc - ok
14:33:15.0481 0x0468  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
14:33:15.0481 0x0468  IPMIDRV - ok
14:33:15.0528 0x0468  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
14:33:15.0528 0x0468  IPNAT - ok
14:33:15.0591 0x0468  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:33:15.0622 0x0468  iPod Service - ok
14:33:15.0653 0x0468  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
14:33:15.0653 0x0468  IRENUM - ok
14:33:15.0700 0x0468  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
14:33:15.0700 0x0468  isapnp - ok
14:33:15.0747 0x0468  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
14:33:15.0762 0x0468  iScsiPrt - ok
14:33:15.0794 0x0468  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
14:33:15.0794 0x0468  kbdclass - ok
14:33:15.0825 0x0468  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
14:33:15.0840 0x0468  kbdhid - ok
14:33:15.0856 0x0468  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
14:33:15.0856 0x0468  kdnic - ok
14:33:15.0872 0x0468  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
14:33:15.0887 0x0468  KeyIso - ok
14:33:15.0919 0x0468  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
14:33:15.0919 0x0468  KSecDD - ok
14:33:15.0965 0x0468  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
14:33:15.0981 0x0468  KSecPkg - ok
14:33:15.0997 0x0468  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
14:33:16.0059 0x0468  ksthunk - ok
14:33:16.0122 0x0468  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
14:33:16.0153 0x0468  KtmRm - ok
14:33:16.0200 0x0468  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
14:33:16.0231 0x0468  LanmanServer - ok
14:33:16.0262 0x0468  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
14:33:16.0294 0x0468  LanmanWorkstation - ok
14:33:16.0387 0x0468  [ 5BE1888A6C6EB3C18EFE19E4A5054D15, CD744D84DFB4CB6335EB2477E40957E6AA669830914D85FEE6C6A88161B3E952 ] Lenovo QuickSnip Service C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
14:33:16.0403 0x0468  Lenovo QuickSnip Service - ok
14:33:16.0466 0x0468  [ 1BAF0F4347A0A8B38295318FFF1C62C0, 8B94846CA03C8383342ACE1DBAC15F529E9D1D28064C2392E946E526B57AABAE ] Lenovo System Agent Service C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
14:33:16.0481 0x0468  Lenovo System Agent Service - ok
14:33:16.0544 0x0468  [ 4E11382637ACACC8BF29E351A4EF5B6A, DD663BBDF585F6A959020CD8FD946CE37CD3C9675A57C5F346E1F0AC745DE627 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CamMute.exe
14:33:16.0559 0x0468  LENOVO.CAMMUTE - ok
14:33:16.0591 0x0468  [ 7CFE36AF06E9C0984021796EDC8AC207, 5EA4CFA26D7FC39081C02FCE08BDDFD7FED144D16CC08201671543D4B7D8EA10 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:33:16.0591 0x0468  LENOVO.MICMUTE - ok
14:33:16.0637 0x0468  [ 684A79B9157D80FC61AACD174BC9FDE5, 5E0B57F2B71CFBC7128AF967FD409C577EE9F393D7E03C7F104EE8C76446CE93 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
14:33:16.0669 0x0468  LENOVO.TPKNRSVC - ok
14:33:16.0716 0x0468  [ B990069812A4C9F1A87D5C70C373F8FE, 77EE42C5CF51BD28E71292BCA4EA5A6F5D9FF9D2A15F1A26FD3CF160288E5819 ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
14:33:16.0762 0x0468  LENOVO.TVTVCAM - ok
14:33:16.0794 0x0468  [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
14:33:16.0794 0x0468  Lenovo.VIRTSCRLSVC - ok
14:33:16.0856 0x0468  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
14:33:16.0887 0x0468  lfsvc - ok
14:33:16.0919 0x0468  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
14:33:16.0934 0x0468  lltdio - ok
14:33:16.0966 0x0468  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
14:33:16.0997 0x0468  lltdsvc - ok
14:33:17.0028 0x0468  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
14:33:17.0044 0x0468  lmhosts - ok
14:33:17.0091 0x0468  [ EAD21F4E11812A3952195CCAAF8255EB, 78B6B865355DF76EA9AEFFC88E57EB55BD2171BECDE4B5071DC5085BF02EF865 ] LnvHotSpotSvc   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
14:33:17.0111 0x0468  LnvHotSpotSvc - ok
14:33:17.0174 0x0468  [ A5DBB528820753E69ADC38D9FA30FC5C, 177B34D2B98B712A001732EA36CF7FD4501FF99FF778AD24DCB0C3FCD75E2911 ] LocationTaskManager C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
14:33:17.0205 0x0468  LocationTaskManager - ok
14:33:17.0330 0x0468  [ 649982D990F825800FAA8BDAD98A1C30, 1871CDA2817F89F7A563B76EBE60913843CA09917DFE3EB1CD78F674DF1578B9 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
14:33:17.0392 0x0468  LSCWinService - ok
14:33:17.0455 0x0468  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
14:33:17.0470 0x0468  LSI_SAS - ok
14:33:17.0502 0x0468  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
14:33:17.0502 0x0468  LSI_SAS2 - ok
14:33:17.0533 0x0468  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
14:33:17.0549 0x0468  LSI_SAS3 - ok
14:33:17.0564 0x0468  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
14:33:17.0580 0x0468  LSI_SSS - ok
14:33:17.0674 0x0468  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
14:33:17.0720 0x0468  LSM - ok
14:33:17.0767 0x0468  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
14:33:17.0767 0x0468  luafv - ok
14:33:17.0814 0x0468  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
14:33:17.0830 0x0468  megasas - ok
14:33:17.0877 0x0468  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
14:33:17.0908 0x0468  megasr - ok
14:33:17.0939 0x0468  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
14:33:17.0939 0x0468  MMCSS - ok
14:33:17.0986 0x0468  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
14:33:17.0986 0x0468  Modem - ok
14:33:18.0002 0x0468  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
14:33:18.0017 0x0468  monitor - ok
14:33:18.0049 0x0468  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
14:33:18.0049 0x0468  mouclass - ok
14:33:18.0064 0x0468  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
14:33:18.0064 0x0468  mouhid - ok
14:33:18.0111 0x0468  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
14:33:18.0111 0x0468  mountmgr - ok
14:33:18.0127 0x0468  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
14:33:18.0142 0x0468  mpsdrv - ok
14:33:18.0205 0x0468  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
14:33:18.0252 0x0468  MpsSvc - ok
14:33:18.0314 0x0468  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
14:33:18.0330 0x0468  MRxDAV - ok
14:33:18.0392 0x0468  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:33:18.0408 0x0468  mrxsmb - ok
14:33:18.0455 0x0468  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
14:33:18.0470 0x0468  mrxsmb10 - ok
14:33:18.0517 0x0468  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
14:33:18.0533 0x0468  mrxsmb20 - ok
14:33:18.0564 0x0468  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
14:33:18.0580 0x0468  MsBridge - ok
14:33:18.0611 0x0468  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
14:33:18.0627 0x0468  MSDTC - ok
14:33:18.0674 0x0468  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:33:18.0689 0x0468  Msfs - ok
14:33:18.0736 0x0468  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
14:33:18.0736 0x0468  msgpiowin32 - ok
14:33:18.0767 0x0468  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
14:33:18.0767 0x0468  mshidkmdf - ok
14:33:18.0783 0x0468  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
14:33:18.0783 0x0468  mshidumdf - ok
14:33:18.0814 0x0468  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
14:33:18.0814 0x0468  msisadrv - ok
14:33:18.0861 0x0468  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
14:33:18.0877 0x0468  MSiSCSI - ok
14:33:18.0877 0x0468  msiserver - ok
14:33:18.0908 0x0468  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:33:18.0924 0x0468  MSKSSRV - ok
14:33:18.0955 0x0468  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
14:33:18.0955 0x0468  MsLldp - ok
14:33:18.0970 0x0468  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:33:18.0986 0x0468  MSPCLOCK - ok
14:33:18.0986 0x0468  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:33:19.0002 0x0468  MSPQM - ok
14:33:19.0033 0x0468  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
14:33:19.0049 0x0468  MsRPC - ok
14:33:19.0080 0x0468  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
14:33:19.0080 0x0468  mssmbios - ok
14:33:19.0111 0x0468  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
14:33:19.0111 0x0468  MSTEE - ok
14:33:19.0127 0x0468  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
14:33:19.0142 0x0468  MTConfig - ok
14:33:19.0153 0x0468  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
14:33:19.0169 0x0468  Mup - ok
14:33:19.0185 0x0468  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
14:33:19.0185 0x0468  mvumis - ok
14:33:19.0247 0x0468  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
14:33:19.0285 0x0468  napagent - ok
14:33:19.0343 0x0468  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
14:33:19.0374 0x0468  NativeWifiP - ok
14:33:19.0406 0x0468  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
14:33:19.0421 0x0468  NcaSvc - ok
14:33:19.0468 0x0468  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
14:33:19.0468 0x0468  NcbService - ok
14:33:19.0515 0x0468  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
14:33:19.0531 0x0468  NcdAutoSetup - ok
14:33:19.0671 0x0468  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
14:33:19.0718 0x0468  NDIS - ok
14:33:19.0749 0x0468  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
14:33:19.0749 0x0468  NdisCap - ok
14:33:19.0796 0x0468  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
14:33:19.0796 0x0468  NdisImPlatform - ok
14:33:19.0828 0x0468  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:33:19.0843 0x0468  NdisTapi - ok
14:33:19.0874 0x0468  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:33:19.0874 0x0468  Ndisuio - ok
14:33:19.0890 0x0468  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
14:33:19.0890 0x0468  NdisVirtualBus - ok
14:33:19.0921 0x0468  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:33:19.0937 0x0468  NdisWan - ok
14:33:19.0952 0x0468  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:33:19.0968 0x0468  NdisWanLegacy - ok
14:33:19.0999 0x0468  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:33:19.0999 0x0468  NDProxy - ok
14:33:20.0031 0x0468  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
14:33:20.0046 0x0468  Ndu - ok
14:33:20.0062 0x0468  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:33:20.0077 0x0468  NetBIOS - ok
14:33:20.0124 0x0468  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:33:20.0140 0x0468  NetBT - ok
14:33:20.0156 0x0468  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:33:20.0171 0x0468  Netlogon - ok
14:33:20.0218 0x0468  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
14:33:20.0234 0x0468  Netman - ok
14:33:20.0296 0x0468  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
14:33:20.0327 0x0468  netprofm - ok
14:33:20.0374 0x0468  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:33:20.0452 0x0468  NetTcpPortSharing - ok
14:33:20.0484 0x0468  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
14:33:20.0484 0x0468  netvsc - ok
14:33:20.0562 0x0468  [ 0F119BBB86D2F273DCB259FE03478D8F, CD911E4C91D45879A78B1D1BE64BDDE2C6DFE033D08CD137024FB932960955A7 ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
14:33:20.0577 0x0468  NitroDriverReadSpool8 - ok
14:33:20.0624 0x0468  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
14:33:20.0656 0x0468  NlaSvc - ok
14:33:20.0734 0x0468  [ EA404C5C549F487C84E0E723F834A4AA, B36CB786F1D1F6B5DE03E1B6A288A422A5E8497FE0A6A433545FFB23CFCA603A ] nlsX86cc        C:\WINDOWS\SysWOW64\NLSSRV32.EXE
14:33:20.0749 0x0468  nlsX86cc - ok
14:33:20.0796 0x0468  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:33:20.0796 0x0468  Npfs - ok
14:33:20.0828 0x0468  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
14:33:20.0828 0x0468  npsvctrig - ok
14:33:20.0859 0x0468  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
14:33:20.0874 0x0468  nsi - ok
14:33:20.0890 0x0468  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
14:33:20.0906 0x0468  nsiproxy - ok
14:33:21.0031 0x0468  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:33:21.0140 0x0468  Ntfs - ok
14:33:21.0187 0x0468  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:33:21.0187 0x0468  Null - ok
14:33:21.0218 0x0468  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
14:33:21.0218 0x0468  nvraid - ok
14:33:21.0265 0x0468  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
14:33:21.0265 0x0468  nvstor - ok
14:33:21.0296 0x0468  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
14:33:21.0312 0x0468  nv_agp - ok
14:33:21.0359 0x0468  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:33:21.0374 0x0468  ose - ok
14:33:21.0437 0x0468  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
14:33:21.0468 0x0468  p2pimsvc - ok
14:33:21.0515 0x0468  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
14:33:21.0546 0x0468  p2psvc - ok
14:33:21.0578 0x0468  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
14:33:21.0578 0x0468  Parport - ok
14:33:21.0609 0x0468  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
14:33:21.0609 0x0468  partmgr - ok
14:33:21.0656 0x0468  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
14:33:21.0687 0x0468  PcaSvc - ok
14:33:21.0734 0x0468  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
14:33:21.0765 0x0468  pci - ok
14:33:21.0796 0x0468  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
14:33:21.0796 0x0468  pciide - ok
14:33:21.0828 0x0468  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
14:33:21.0828 0x0468  pcmcia - ok
14:33:21.0859 0x0468  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
14:33:21.0859 0x0468  pcw - ok
14:33:21.0890 0x0468  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
14:33:21.0890 0x0468  pdc - ok
14:33:21.0953 0x0468  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
14:33:21.0984 0x0468  PEAUTH - ok
14:33:22.0046 0x0468  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
14:33:22.0046 0x0468  PerfHost - ok
14:33:22.0187 0x0468  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
14:33:22.0297 0x0468  pla - ok
14:33:22.0344 0x0468  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
14:33:22.0359 0x0468  PlugPlay - ok
14:33:22.0391 0x0468  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
14:33:22.0391 0x0468  PNRPAutoReg - ok
14:33:22.0437 0x0468  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
14:33:22.0469 0x0468  PNRPsvc - ok
14:33:22.0500 0x0468  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
14:33:22.0531 0x0468  PolicyAgent - ok
14:33:22.0563 0x0468  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
14:33:22.0578 0x0468  Power - ok
14:33:22.0703 0x0468  [ D26AA5E3468A0AA37100A5823A960F73, 47257AEFF38AB68125BF435B8D4B185363EE21E770B7A5F61ABA62C3DA46BDC4 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
14:33:22.0812 0x0468  Power Manager DBC Service - ok
14:33:23.0078 0x0468  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:33:23.0266 0x0468  PrintNotify - ok
14:33:23.0312 0x0468  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
14:33:23.0312 0x0468  Processor - ok
14:33:23.0359 0x0468  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
14:33:23.0375 0x0468  ProfSvc - ok
14:33:23.0406 0x0468  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
14:33:23.0422 0x0468  Psched - ok
14:33:23.0469 0x0468  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
14:33:23.0484 0x0468  QWAVE - ok
14:33:23.0516 0x0468  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
14:33:23.0516 0x0468  QWAVEdrv - ok
14:33:23.0547 0x0468  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:33:23.0547 0x0468  RasAcd - ok
14:33:23.0594 0x0468  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:33:23.0609 0x0468  RasAuto - ok
14:33:23.0656 0x0468  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:33:23.0703 0x0468  RasMan - ok
14:33:23.0734 0x0468  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:33:23.0734 0x0468  RasPppoe - ok
14:33:23.0797 0x0468  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:33:23.0812 0x0468  rdbss - ok
14:33:23.0859 0x0468  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
14:33:23.0859 0x0468  rdpbus - ok
14:33:23.0891 0x0468  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
14:33:23.0906 0x0468  RDPDR - ok
14:33:23.0969 0x0468  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
14:33:23.0984 0x0468  RdpVideoMiniport - ok
14:33:24.0016 0x0468  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
14:33:24.0031 0x0468  rdyboost - ok
14:33:24.0109 0x0468  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
14:33:24.0145 0x0468  ReFS - ok
14:33:24.0208 0x0468  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:33:24.0223 0x0468  RemoteAccess - ok
14:33:24.0255 0x0468  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:33:24.0270 0x0468  RemoteRegistry - ok
14:33:24.0317 0x0468  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
14:33:24.0333 0x0468  RFCOMM - ok
14:33:24.0364 0x0468  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
14:33:24.0380 0x0468  RpcEptMapper - ok
14:33:24.0411 0x0468  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:33:24.0411 0x0468  RpcLocator - ok
14:33:24.0505 0x0468  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:33:24.0536 0x0468  RpcSs - ok
14:33:24.0583 0x0468  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
14:33:24.0598 0x0468  rspndr - ok
14:33:24.0630 0x0468  [ BC2D9FBC07A8A8D5A2763D86238C9B15, 490F7AB0149736954B6FE15BA2DB49AAD86A9BE229B651866DB6939159845EB6 ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
14:33:24.0645 0x0468  RSUSBVSTOR - ok
14:33:24.0676 0x0468  [ E6458C9289160F440AC40D62926B39A6, 492867AE53791AD17035DAF5E57B5FC36018AAB5680D7EEE31EF342880E5D1DE ] rtcrfilt64      C:\WINDOWS\system32\DRIVERS\rtcrfilt64.sys
14:33:24.0692 0x0468  rtcrfilt64 - ok
14:33:24.0739 0x0468  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
14:33:24.0770 0x0468  RTL8168 - ok
14:33:24.0786 0x0468  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
14:33:24.0786 0x0468  s3cap - ok
14:33:24.0817 0x0468  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
14:33:24.0817 0x0468  SamSs - ok
14:33:24.0864 0x0468  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
14:33:24.0880 0x0468  sbp2port - ok
14:33:24.0911 0x0468  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
14:33:24.0926 0x0468  SCardSvr - ok
14:33:24.0973 0x0468  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
14:33:24.0989 0x0468  ScDeviceEnum - ok
14:33:25.0020 0x0468  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
14:33:25.0020 0x0468  scfilter - ok
14:33:25.0130 0x0468  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:33:25.0239 0x0468  Schedule - ok
14:33:25.0286 0x0468  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
14:33:25.0302 0x0468  SCPolicySvc - ok
14:33:25.0348 0x0468  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
14:33:25.0348 0x0468  sdbus - ok
14:33:25.0380 0x0468  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
14:33:25.0395 0x0468  sdstor - ok
14:33:25.0427 0x0468  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
14:33:25.0427 0x0468  secdrv - ok
14:33:25.0458 0x0468  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
14:33:25.0473 0x0468  seclogon - ok
14:33:25.0505 0x0468  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
14:33:25.0520 0x0468  SENS - ok
14:33:25.0567 0x0468  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
14:33:25.0583 0x0468  SensrSvc - ok
14:33:25.0630 0x0468  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
14:33:25.0630 0x0468  SerCx - ok
14:33:25.0676 0x0468  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
14:33:25.0692 0x0468  SerCx2 - ok
14:33:25.0708 0x0468  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
14:33:25.0708 0x0468  Serenum - ok
14:33:25.0739 0x0468  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
14:33:25.0755 0x0468  Serial - ok
14:33:25.0786 0x0468  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
14:33:25.0786 0x0468  sermouse - ok
14:33:25.0848 0x0468  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
14:33:25.0880 0x0468  SessionEnv - ok
14:33:25.0911 0x0468  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
14:33:25.0911 0x0468  sfloppy - ok
14:33:25.0973 0x0468  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:33:25.0989 0x0468  SharedAccess - ok
14:33:26.0083 0x0468  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:33:26.0130 0x0468  ShellHWDetection - ok
14:33:26.0161 0x0468  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
14:33:26.0161 0x0468  SiSRaid2 - ok
14:33:26.0192 0x0468  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
14:33:26.0208 0x0468  SiSRaid4 - ok
14:33:26.0255 0x0468  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:33:26.0270 0x0468  SkypeUpdate - ok
14:33:26.0317 0x0468  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
14:33:26.0317 0x0468  smphost - ok
14:33:26.0348 0x0468  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
14:33:26.0364 0x0468  SNMPTRAP - ok
14:33:26.0411 0x0468  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
14:33:26.0442 0x0468  spaceport - ok
14:33:26.0489 0x0468  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
14:33:26.0489 0x0468  SpbCx - ok
14:33:26.0551 0x0468  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
14:33:26.0598 0x0468  Spooler - ok
14:33:26.0989 0x0468  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
14:33:27.0328 0x0468  sppsvc - ok
14:33:27.0500 0x0468  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:33:27.0531 0x0468  srv - ok
14:33:27.0578 0x0468  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
14:33:27.0609 0x0468  srv2 - ok
14:33:27.0656 0x0468  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
14:33:27.0672 0x0468  srvnet - ok
14:33:27.0718 0x0468  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:33:27.0734 0x0468  SSDPSRV - ok
14:33:27.0765 0x0468  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
14:33:27.0781 0x0468  SstpSvc - ok
14:33:27.0812 0x0468  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
14:33:27.0828 0x0468  ssudmdm - ok
14:33:27.0859 0x0468  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
14:33:27.0875 0x0468  stexstor - ok
14:33:27.0937 0x0468  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
14:33:27.0984 0x0468  stisvc - ok
14:33:28.0000 0x0468  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
14:33:28.0015 0x0468  storahci - ok
14:33:28.0031 0x0468  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
14:33:28.0047 0x0468  storflt - ok
14:33:28.0078 0x0468  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
14:33:28.0093 0x0468  stornvme - ok
14:33:28.0125 0x0468  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
14:33:28.0140 0x0468  StorSvc - ok
14:33:28.0156 0x0468  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
14:33:28.0156 0x0468  storvsc - ok
14:33:28.0219 0x0468  [ 289F4813EC8E844A18B5AAF64CDA428D, 461F3C5669BFD5A1AF8CBA7A8206062A94ED8B080977229ADB84EFA7C27132ED ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
14:33:28.0219 0x0468  SUService - ok
14:33:28.0250 0x0468  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
14:33:28.0265 0x0468  svsvc - ok
14:33:28.0297 0x0468  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
14:33:28.0297 0x0468  swenum - ok
14:33:28.0359 0x0468  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
14:33:28.0406 0x0468  swprv - ok
14:33:28.0515 0x0468  [ 157DFCD1E83E964A5074742AE2DFA0C1, D6F4567F42402938F54A1E482BAE3B02E1BD5AF3788835A63829A3652E5DDA67 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:33:28.0531 0x0468  SynTP - ok
14:33:28.0625 0x0468  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\WINDOWS\system32\sysmain.dll
14:33:28.0703 0x0468  SysMain - ok
14:33:28.0750 0x0468  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
14:33:28.0781 0x0468  SystemEventsBroker - ok
14:33:28.0812 0x0468  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
14:33:28.0828 0x0468  TabletInputService - ok
14:33:28.0875 0x0468  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:33:28.0906 0x0468  TapiSrv - ok
14:33:29.0062 0x0468  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
14:33:29.0203 0x0468  Tcpip - ok
14:33:29.0328 0x0468  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:33:29.0422 0x0468  TCPIP6 - ok
14:33:29.0469 0x0468  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
14:33:29.0469 0x0468  tcpipreg - ok
14:33:29.0516 0x0468  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
14:33:29.0531 0x0468  tdx - ok
14:33:29.0578 0x0468  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
14:33:29.0578 0x0468  terminpt - ok
14:33:29.0656 0x0468  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:33:29.0781 0x0468  TermService - ok
14:33:29.0812 0x0468  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
14:33:29.0828 0x0468  Themes - ok
14:33:29.0859 0x0468  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
14:33:29.0875 0x0468  THREADORDER - ok
14:33:29.0906 0x0468  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
14:33:29.0922 0x0468  TimeBroker - ok
14:33:30.0000 0x0468  [ C91C8BD1CBECAFE706D4423A2786F20F, 74EAF5EDA4E832E8B80D4B8C0F9CE63F257760898E8C7AAD5CABD41DC8E1657E ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
14:33:30.0015 0x0468  TPHKLOAD - ok
14:33:30.0094 0x0468  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
14:33:30.0109 0x0468  TPM - ok
14:33:30.0157 0x0468  [ 6EE437A872E0184D6D09F65C5EA0AABA, BA3351A37B072FE687A8637C517BCA001023ED6CEB9D91E949609F4FD15A62BF ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwr64v.sys
14:33:30.0157 0x0468  TPPWRIF - ok
14:33:30.0204 0x0468  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
14:33:30.0235 0x0468  TrkWks - ok
14:33:30.0329 0x0468  [ 00629A30B9A95D3CC07E09C12F293BD1, CCB0EA347804CC7EDCDFBCA0AEAFF90310C7272D9F0AF7BC54D3F9D344AD4FCA ] TrueService     C:\Program Files\Common Files\AuthenTec\TrueService.exe
14:33:30.0360 0x0468  TrueService - ok
14:33:30.0438 0x0468  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
14:33:30.0454 0x0468  TrustedInstaller - ok
14:33:30.0485 0x0468  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
14:33:30.0501 0x0468  TsUsbFlt - ok
14:33:30.0532 0x0468  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
14:33:30.0532 0x0468  TsUsbGD - ok
14:33:30.0563 0x0468  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
14:33:30.0579 0x0468  tunnel - ok
14:33:30.0610 0x0468  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
14:33:30.0610 0x0468  uagp35 - ok
14:33:30.0641 0x0468  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
14:33:30.0657 0x0468  UASPStor - ok
14:33:30.0704 0x0468  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
14:33:30.0719 0x0468  UCX01000 - ok
14:33:30.0766 0x0468  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
14:33:30.0782 0x0468  udfs - ok
14:33:30.0798 0x0468  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
14:33:30.0798 0x0468  UEFI - ok
14:33:30.0845 0x0468  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
14:33:30.0860 0x0468  UI0Detect - ok
14:33:30.0891 0x0468  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
14:33:30.0891 0x0468  uliagpkx - ok
14:33:30.0907 0x0468  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
14:33:30.0923 0x0468  umbus - ok
14:33:30.0938 0x0468  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
14:33:30.0938 0x0468  UmPass - ok
14:33:30.0985 0x0468  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
14:33:31.0016 0x0468  UmRdpService - ok
14:33:31.0063 0x0468  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:33:31.0094 0x0468  upnphost - ok
14:33:31.0141 0x0468  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
14:33:31.0141 0x0468  usbccgp - ok
14:33:31.0188 0x0468  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
14:33:31.0188 0x0468  usbcir - ok
14:33:31.0219 0x0468  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
14:33:31.0235 0x0468  usbehci - ok
14:33:31.0266 0x0468  [ 33A58C5630200E17B51C8D73DD64181B, 75707B7E5CE686119CA430944477C9A6DBD5AA4211FDDECFF0986EACA65975B3 ] usbfilter       C:\WINDOWS\system32\DRIVERS\usbfilter.sys
14:33:31.0266 0x0468  usbfilter - ok
14:33:31.0329 0x0468  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
14:33:31.0360 0x0468  usbhub - ok
14:33:31.0407 0x0468  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
14:33:31.0438 0x0468  USBHUB3 - ok
14:33:31.0485 0x0468  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
14:33:31.0501 0x0468  usbohci - ok
14:33:31.0532 0x0468  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
14:33:31.0548 0x0468  usbprint - ok
14:33:31.0594 0x0468  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
14:33:31.0594 0x0468  USBSTOR - ok
14:33:31.0610 0x0468  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
14:33:31.0626 0x0468  usbuhci - ok
14:33:31.0673 0x0468  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
14:33:31.0688 0x0468  USBXHCI - ok
14:33:31.0719 0x0468  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
14:33:31.0735 0x0468  VaultSvc - ok
14:33:31.0766 0x0468  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
14:33:31.0766 0x0468  vdrvroot - ok
14:33:31.0891 0x0468  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
14:33:31.0985 0x0468  vds - ok
14:33:32.0032 0x0468  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
14:33:32.0048 0x0468  VerifierExt - ok
14:33:32.0110 0x0468  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
14:33:32.0141 0x0468  vhdmp - ok
14:33:32.0193 0x0468  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
14:33:32.0193 0x0468  viaide - ok
14:33:32.0271 0x0468  [ B5716FB969548E461BF5145D527B572D, BD6D11A3F5F7B4BF665E36BE56BA57E02F70F2C08519EDA8A69D3F5CB3D0D87F ] vm331avs        C:\WINDOWS\System32\Drivers\vm331avs.sys
14:33:32.0318 0x0468  vm331avs - ok
14:33:32.0349 0x0468  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
14:33:32.0380 0x0468  vmbus - ok
14:33:32.0411 0x0468  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
14:33:32.0427 0x0468  VMBusHID - ok
14:33:32.0505 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
14:33:32.0536 0x0468  vmicguestinterface - ok
14:33:32.0568 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
14:33:32.0599 0x0468  vmicheartbeat - ok
14:33:32.0630 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
14:33:32.0661 0x0468  vmickvpexchange - ok
14:33:32.0693 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
14:33:32.0724 0x0468  vmicrdv - ok
14:33:32.0755 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
14:33:32.0771 0x0468  vmicshutdown - ok
14:33:32.0818 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
14:33:32.0833 0x0468  vmictimesync - ok
14:33:32.0880 0x0468  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
14:33:32.0896 0x0468  vmicvss - ok
14:33:32.0927 0x0468  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
14:33:32.0927 0x0468  volmgr - ok
14:33:32.0974 0x0468  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
14:33:32.0989 0x0468  volmgrx - ok
14:33:33.0036 0x0468  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
14:33:33.0052 0x0468  volsnap - ok
14:33:33.0068 0x0468  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
14:33:33.0083 0x0468  vpci - ok
14:33:33.0099 0x0468  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
14:33:33.0115 0x0468  vsmraid - ok
14:33:33.0208 0x0468  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
14:33:33.0286 0x0468  VSS - ok
14:33:33.0333 0x0468  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
14:33:33.0349 0x0468  VSTXRAID - ok
14:33:33.0411 0x0468  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
14:33:33.0411 0x0468  vwifibus - ok
14:33:33.0458 0x0468  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
14:33:33.0458 0x0468  vwififlt - ok
14:33:33.0489 0x0468  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
14:33:33.0489 0x0468  vwifimp - ok
14:33:33.0536 0x0468  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:33:33.0568 0x0468  W32Time - ok
14:33:33.0599 0x0468  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
14:33:33.0599 0x0468  WacomPen - ok
14:33:33.0739 0x0468  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
14:33:33.0864 0x0468  wbengine - ok
14:33:33.0943 0x0468  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
14:33:33.0974 0x0468  WbioSrvc - ok
14:33:34.0005 0x0468  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
14:33:34.0036 0x0468  Wcmsvc - ok
14:33:34.0083 0x0468  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
14:33:34.0114 0x0468  wcncsvc - ok
14:33:34.0146 0x0468  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
14:33:34.0162 0x0468  WcsPlugInService - ok
14:33:34.0178 0x0468  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
14:33:34.0193 0x0468  WdBoot - ok
14:33:34.0256 0x0468  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
14:33:34.0302 0x0468  Wdf01000 - ok
14:33:34.0334 0x0468  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
14:33:34.0349 0x0468  WdFilter - ok
14:33:34.0396 0x0468  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
14:33:34.0412 0x0468  WdiServiceHost - ok
14:33:34.0412 0x0468  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
14:33:34.0428 0x0468  WdiSystemHost - ok
14:33:34.0459 0x0468  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
14:33:34.0459 0x0468  WdNisDrv - ok
14:33:34.0506 0x0468  WdNisSvc - ok
14:33:34.0537 0x0468  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:33:34.0553 0x0468  WebClient - ok
14:33:34.0599 0x0468  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
14:33:34.0615 0x0468  Wecsvc - ok
14:33:34.0646 0x0468  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
14:33:34.0662 0x0468  WEPHOSTSVC - ok
14:33:34.0693 0x0468  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
14:33:34.0709 0x0468  wercplsupport - ok
14:33:34.0740 0x0468  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
14:33:34.0756 0x0468  WerSvc - ok
14:33:34.0787 0x0468  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
14:33:34.0803 0x0468  WFPLWFS - ok
14:33:34.0834 0x0468  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
14:33:34.0849 0x0468  WiaRpc - ok
14:33:34.0865 0x0468  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
14:33:34.0865 0x0468  WIMMount - ok
14:33:34.0881 0x0468  WinDefend - ok
14:33:34.0974 0x0468  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
14:33:35.0021 0x0468  WinHttpAutoProxySvc - ok
14:33:35.0099 0x0468  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:33:35.0115 0x0468  Winmgmt - ok
14:33:35.0303 0x0468  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
14:33:35.0490 0x0468  WinRM - ok
14:33:35.0553 0x0468  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
14:33:35.0568 0x0468  WinUsb - ok
14:33:35.0615 0x0468  [ 8EC3DC6DA537314F4A4182C1D8FB9E83, BFE70FFC03149A0D0FF9E413442264C908A8CF7CDA06AB93FC2A86728B22D7F7 ] WisLMSvc        C:\Program Files (x86)\Wistron Corp\Airplane LED\WisLMSvc.exe
14:33:35.0631 0x0468  WisLMSvc - ok
14:33:35.0756 0x0468  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
14:33:35.0865 0x0468  WlanSvc - ok
14:33:35.0974 0x0468  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
14:33:36.0099 0x0468  wlidsvc - ok
14:33:36.0131 0x0468  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
14:33:36.0146 0x0468  WmiAcpi - ok
14:33:36.0178 0x0468  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
14:33:36.0194 0x0468  wmiApSrv - ok
14:33:36.0225 0x0468  WMPNetworkSvc - ok
14:33:36.0256 0x0468  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
14:33:36.0272 0x0468  Wof - ok
14:33:36.0397 0x0468  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
14:33:36.0506 0x0468  workfolderssvc - ok
14:33:36.0537 0x0468  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
14:33:36.0537 0x0468  wpcfltr - ok
14:33:36.0584 0x0468  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
14:33:36.0600 0x0468  WPCSvc - ok
14:33:36.0631 0x0468  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
14:33:36.0647 0x0468  WPDBusEnum - ok
14:33:36.0678 0x0468  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
14:33:36.0694 0x0468  WpdUpFltr - ok
14:33:36.0725 0x0468  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
14:33:36.0725 0x0468  ws2ifsl - ok
14:33:36.0772 0x0468  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
14:33:36.0787 0x0468  wscsvc - ok
14:33:36.0803 0x0468  WSearch - ok
14:33:37.0037 0x0468  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
14:33:37.0209 0x0468  WSService - ok
14:33:37.0428 0x0468  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
14:33:37.0631 0x0468  wuauserv - ok
14:33:37.0678 0x0468  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
14:33:37.0694 0x0468  WudfPf - ok
14:33:37.0741 0x0468  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
14:33:37.0741 0x0468  WUDFRd - ok
14:33:37.0772 0x0468  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
14:33:37.0772 0x0468  WUDFSensorLP - ok
14:33:37.0803 0x0468  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
14:33:37.0819 0x0468  wudfsvc - ok
14:33:37.0850 0x0468  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
14:33:37.0850 0x0468  WUDFWpdFs - ok
14:33:37.0881 0x0468  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
14:33:37.0897 0x0468  WUDFWpdMtp - ok
14:33:37.0959 0x0468  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
14:33:37.0991 0x0468  WwanSvc - ok
14:33:38.0022 0x0468  ================ Scan global ===============================
14:33:38.0053 0x0468  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
14:33:38.0100 0x0468  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
14:33:38.0147 0x0468  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
14:33:38.0187 0x0468  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
14:33:38.0218 0x0468  [ Global ] - ok
14:33:38.0218 0x0468  ================ Scan MBR ==================================
14:33:38.0234 0x0468  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:33:38.0249 0x0468  \Device\Harddisk0\DR0 - ok
14:33:38.0249 0x0468  ================ Scan VBR ==================================
14:33:38.0265 0x0468  [ A480B43CB04C9CF387609E5ACE892C07 ] \Device\Harddisk0\DR0\Partition1
14:33:38.0281 0x0468  \Device\Harddisk0\DR0\Partition1 - ok
14:33:38.0296 0x0468  [ B7B37AB3AECBEF303962E09621C55DD9 ] \Device\Harddisk0\DR0\Partition2
14:33:38.0312 0x0468  \Device\Harddisk0\DR0\Partition2 - ok
14:33:38.0328 0x0468  [ 51DB790D7175F8444B832BC40683DE22 ] \Device\Harddisk0\DR0\Partition3
14:33:38.0328 0x0468  \Device\Harddisk0\DR0\Partition3 - ok
14:33:38.0343 0x0468  [ F1142FA6CE2D7EFAB708A57F2BEF93B7 ] \Device\Harddisk0\DR0\Partition4
14:33:38.0359 0x0468  \Device\Harddisk0\DR0\Partition4 - ok
14:33:38.0406 0x0468  [ 09C85AE8A8597E8A5A739DCB0FD3B394 ] \Device\Harddisk0\DR0\Partition5
14:33:38.0406 0x0468  \Device\Harddisk0\DR0\Partition5 - ok
14:33:38.0421 0x0468  [ 37E3EDDDCA2F22A70AC286C6F5B33D5D ] \Device\Harddisk0\DR0\Partition6
14:33:38.0421 0x0468  \Device\Harddisk0\DR0\Partition6 - ok
14:33:38.0421 0x0468  ================ Scan generic autorun ======================
14:33:39.0109 0x0468  [ F61140A7D41E2B3CB73D28A2F6ABC405, E2C242507C41398781A9C39B47F2104F9BC928E60950291759987BB4EE05AEBF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:33:39.0796 0x0468  RTHDVCPL - ok
14:33:39.0937 0x0468  [ E67D3F6734EEFF50CB12E8F482C73218, 4909C66276D54D8B9168303879DFEE85CF9C3ADB06C7AFE524DFC9F00A14B1FC ] C:\Program Files\Lenovo\HOTKEY\extapsup.exe
14:33:39.0968 0x0468  LenovoOptMouseUpdate - ok
14:33:40.0125 0x0468  [ 99032761EC6604D636760BEC6145A031, 4D5B46DF48DD5D8B179EDC8C44B8A40B06E3ED4DFEDF59EBACE803DD0392FA61 ] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
14:33:40.0266 0x0468  LnvMobHotspotClient - ok
14:33:40.0344 0x0468  [ 45A07FC49D21D8BE8EFC14615F399FA9, 99B676EE84E286B426FC4455AB4F16ADC6B5322E624ABF039E5F955B3FCE841E ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
14:33:40.0375 0x0468  LENOVO.TPKNRRES - ok
14:33:40.0375 0x0468  SynTPEnh - ok
14:33:40.0438 0x0468  [ 28ACFE19E3A3A26954E8ED263119BC16, 657B00FD72F30D4D7A728594E992041959F29D69B33EC187BD5F050B5CAE54AC ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
14:33:40.0453 0x0468  331BigDog - ok
14:33:40.0547 0x0468  [ 28CC78243A2EF270473BD479D63286CF, 905BB2FA35E6180DB98111653D3E288E0DFD8653193B01177EFF2290F20F4C0F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
14:33:40.0594 0x0468  StartCCC - ok
14:33:40.0672 0x0468  [ E6FC28A12F0BB32FECAE09293EF74019, CAA175E60284FC636ECC6B777F12AFECD772CC4C56B0244B36B7BBA9D3736844 ] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
14:33:40.0703 0x0468  Fastboot - ok
14:33:40.0750 0x0468  [ C6DBAE01F0AFABE23905D46D25A0F2B2, B2528359C93A5AE45237B56593EECD30B6B01478B5FE21C69087F3574D005A25 ] C:\Program Files (x86)\Wistron Corp\Airplane LED\AirplaneLed.exe
14:33:40.0766 0x0468  {F987D533-0D6A-4191-8EF7-8E91505ACF9A} - ok
14:33:40.0797 0x0468  [ 49CD8D25D932C5BF867EBFF00D432B75, D107F7736AC8D43CE93ABDE1A8038D8FE87779F25F41B3FD1E942DF439581236 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
14:33:40.0813 0x0468  Intel AppUp(R) center - ok
14:33:40.0860 0x0468  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:33:40.0875 0x0468  APSDaemon - ok
14:33:40.0922 0x0468  [ 7613D16AF3AE9DC337B071F994D6C53D, F8DC0B0D779FB196171402130F4EEAB4B03CE69CB4D29E7C137391B4F31BFF59 ] C:\Program Files (x86)\PDF24\pdf24.exe
14:33:40.0938 0x0468  PDFPrint - ok
14:33:41.0297 0x0468  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
14:33:41.0594 0x0468  AvastUI.exe - ok
14:33:41.0672 0x0468  [ BAF535F843A3E790E04A7613811B55BC, 764608E1BC657FBBBB3E0DC5D36F0701CAA9D28BE15E416DF84AD3EFC7EB85D9 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
14:33:41.0688 0x0468  iTunesHelper - ok
14:33:41.0688 0x0468  Waiting for KSN requests completion. In queue: 160
14:33:42.0704 0x0468  Waiting for KSN requests completion. In queue: 160
14:33:43.0704 0x0468  Waiting for KSN requests completion. In queue: 160
14:33:44.0769 0x0468  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
14:33:44.0800 0x0468  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
14:33:44.0800 0x0468  FW detected via SS2: avast! Internet Security, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled )
14:33:44.0815 0x0468  Win FW state via NFP2: enabled
14:33:47.0346 0x0468  ============================================================
14:33:47.0346 0x0468  Scan finished
14:33:47.0346 0x0468  ============================================================
14:33:47.0377 0x1ab4  Detected object count: 0
14:33:47.0377 0x1ab4  Actual detected object count: 0

Viele Grüße

M-K-D-B · 14.06.2015, 09:36

Servus,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Syrdarja · 14.06.2015, 12:44

Ok.. da stand es wurde nichts gefunden..

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.14.01
  rootkit: v2015.06.02.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17842
User :: USER-PC [administrator]

14.06.2015 12:58:02
mbar-log-2015-06-14 (12-58-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 399116
Time elapsed: 45 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

M-K-D-B · 15.06.2015, 15:05

Servus,

schon mal gut.

Download

Das Tool auf den Desktop abspeichern und als Administrator starten.
Option C auswählen und Panda USB-Vaccine installieren.
Impfe Deinen PC
Den infizierten USB-Stick anstecken.
Option A auswählen.
Option B auswählen. (Nur den Laufwerks-Buchstaben des USB-Sticks eingeben!)
Option B mit allen betroffenen Sticks, Platten durchführen.
Das Log bitte posten (C:\Rem-VBS.log)

Syrdarja · 16.06.2015, 10:21

Ich hoffe das ist das Richtige:

Code:

ATTFilter

Rem-VBSworm v4.0
======================================================== - General info: 
Ran by User on profile C:\Users\User
Ran on USER-PC
IPv4: 192.168.0.104
 
Microsoft Windows 8.1  

Normal boot  

 
16.06.2015 
10:48:04,48 
======================================================== - Drive info: 
Listing currently attached drives: 
Caption  Description        VolumeName   

C:       Lokale Festplatte  Windows8_OS  

D:       CD                 Audio CD     



 
Physical drives information: 
C: \Device\HarddiskVolume4 NTFS
D: \Device\CdRom0 CDFS
======================================================== - Disinfection info: 
Panda USB Vaccine was downloaded! 
Cleaning all TEMP files... 
Disabling Autorun... 
Temporarily disabling the WSH... 
Windows Script Host disabled! 
Fixing system/user policies and registry hijacks... 
Killing, hijacking and deleting malicious processes and files...: 
Adding image hijacks... 
Deleting malicious Run keys... 
Killing malicious processes... 
ERFOLGREICH: Der Prozess "rundll32.exe" mit PID 5128 wurde beendet.
ERFOLGREICH: Der Prozess "rundll32.exe" mit PID 6896 wurde beendet.

INFORMATION: Es werden keine Aufgaben mit den angegebenen Kriterien ausgefhrt.

INFORMATION: Es werden keine Aufgaben mit den angegebenen Kriterien ausgefhrt.
Deleting malicious files... 
Windows Script Host re-enabled! 
 
Done cleaning up infection! 
======================================================== 
 
e: selected 
 
Listing root contents of e: 
 
 Datentr„ger in Laufwerk E: ist STORE N GO
 Volumeseriennummer: 08A2-0A73

 Verzeichnis von E:\

29.04.2015  16:10         3.654.582 Materialy_tandemowe-_wersja_do_druku_02.pdf
28.05.2015  12:54    <DIR>          System Volume Information
28.05.2015  13:32    <DIR>          Referat
04.06.2015  16:14    <DIR>          Steffen M”ller
08.06.2015  12:58           164.413 RyanairBoardingPass-WS5T3E_DTM-KRK.pdf
               2 Datei(en),      3.818.995 Bytes
               3 Verzeichnis(se),  7.412.080.640 Bytes frei
 
Modifying files... 
USB drive disinfected!

M-K-D-B · 16.06.2015, 15:38

Servus,

sieht gut aus, keine Autorun Infektion auf dem USB-Stick.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Syrdarja · 17.06.2015, 11:20

Schritt 1:

Code:

ATTFilter

# AdwCleaner v4.206 - Bericht erstellt 17/06/2015 um 10:41:12
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : User - USER-PC
# Gestarted von : C:\Users\User\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [957 Bytes] - [17/06/2015 10:38:22]
AdwCleaner[S0].txt - [832 Bytes] - [17/06/2015 10:41:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [890  Bytes] ##########

Schritt 2: (hab blöderweise vergessen den log zu speichern bevor ich neugestartet hab deswegen weiß ich nicht ob das das richtige ist)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 17.06.2015 11:07:56, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 17.06.2015 11:07:56, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 17.06.2015 11:07:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17.06.2015 11:07:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 17.06.2015 11:08:08, SYSTEM, USER-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 17.06.2015 11:08:08, SYSTEM, USER-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 17.06.2015 11:08:08, SYSTEM, USER-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 17.06.2015 11:08:08, SYSTEM, USER-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.6.15.1, 
Update, 17.06.2015 11:08:18, SYSTEM, USER-PC, Manual, Malware Database, 2015.3.9.5, 2015.6.17.1, 
Protection, 17.06.2015 11:08:18, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 17.06.2015 11:08:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17.06.2015 11:08:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 17.06.2015 11:08:40, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 17.06.2015 11:08:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17.06.2015 11:08:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 17.06.2015 11:46:14, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.6.17.1, 2015.6.17.2, 
Protection, 17.06.2015 11:46:14, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 17.06.2015 11:46:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17.06.2015 11:46:15, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Scan, 17.06.2015 11:46:35, SYSTEM, USER-PC, Manual, Start: 17.06.2015 11:08:42, Dauer: 36 Minuten 1 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "3" nicht-Malwareerkennung, 
Protection, 17.06.2015 11:47:01, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 17.06.2015 11:47:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17.06.2015 11:47:02, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 17.06.2015 11:51:06, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 17.06.2015 11:51:06, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 17.06.2015 11:51:06, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17.06.2015 11:51:11, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 17.06.2015 12:03:52, SYSTEM, USER-PC, Scheduler, Remediation Database, 2015.5.13.1, 2015.6.15.1, 
Protection, 17.06.2015 12:03:52, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 17.06.2015 12:03:52, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 17.06.2015 12:03:53, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 17.06.2015 12:04:31, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 17.06.2015 12:04:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 17.06.2015 12:04:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 

(end)

M-K-D-B · 17.06.2015, 14:19

Lesestoff
MBAM-Funde posten: So gehts...
Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden.
Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.

Starte MBAM.
Klicke auf Verlauf.
Klicke auf Anwendungsprotokolle.
Klicke auf das letzte Suchlaufprotokoll mit Funden.
Klicke auf "In Zwischenablage kopieren".
Poste den Inhalt in Code-Tags [CODE] [/CODE] durch Einfügen mit Strg+V als Antwort in Deinen Thread.

Syrdarja · 17.06.2015, 15:15

Zu Schritt 2: Dieses hier?

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.06.2015
Suchlauf-Zeit: 11:46:15
Logdatei: 
Administrator: Ja

Version: 0.00.0.0000
Malware Datenbank: v2015.06.17.02
Rootkit Datenbank: v2015.06.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393825
Verstrichene Zeit: 36 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Schritt 3:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by User on 17.06.2015 at 12:31:15,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage-journal



~~~ Folders



~~~ Chrome


[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2015 at 12:46:26,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Schritt 4:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by User (administrator) on USER-PC on 17-06-2015 16:05:10
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Wistron Corp.) C:\Program Files (x86)\Wistron Corp\Airplane LED\WisLMSvc.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [2645568 2012-11-08] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [572992 2012-10-17] (Lenovo Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [741680 2012-11-09] (Lenovo)
HKLM-x32\...\Run: [{F987D533-0D6A-4191-8EF7-8E91505ACF9A}] => C:\Program Files (x86)\Wistron Corp\Airplane LED\AirplaneLed.exe [471952 2012-07-02] (Wistron Corp.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001 -> {3A773D89-1F85-4CE8-9AF5-CBC9D5093DD0} URL = 
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-08-31] (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-08-31] (AuthenTec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2012-08-31] (AuthenTec, Inc)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-01-10] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2024232573-3343981941-3030056430-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-12-14] (Intel)
FF Plugin HKU\S-1-5-21-2024232573-3343981941-3030056430-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-12-14] (Intel)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-07]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-07]
CHR Extension: (Readium) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-07]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-26]
CHR Extension: (Website Logon) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iokmdlapebooifaijckgcmncjdpojmjl [2013-10-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [iokmdlapebooifaijckgcmncjdpojmjl] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-08-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-11-20] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-25] (Broadcom Corporation.)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [139568 2012-11-09] (Lenovo)
S2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139496 2012-08-31] (AuthenTec, Inc)
S2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [661056 2012-10-17] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [460864 2012-11-08] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [458304 2012-10-26] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-01-10] (Nitro PDF Software)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21416 2012-09-27] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Wistron Corp\Airplane LED\WisLMSvc.exe [118672 2012-07-02] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2013-03-18] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [63792 2012-11-09] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 15:53 - 2015-06-17 15:53 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2015-06-17 12:46 - 2015-06-17 12:46 - 00002530 _____ C:\Users\User\Desktop\JRT.txt
2015-06-17 12:31 - 2015-06-17 12:31 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-USER-PC-Windows-8.1-(64-bit).dat
2015-06-17 12:31 - 2015-06-17 12:31 - 00000000 ____D C:\RegBackup
2015-06-17 12:21 - 2015-06-17 12:21 - 02949914 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-06-17 11:05 - 2015-06-17 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-17 11:05 - 2015-06-17 11:05 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-17 11:05 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-17 11:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-17 11:01 - 2015-06-17 11:02 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-17 10:36 - 2015-06-17 10:47 - 00000000 ____D C:\AdwCleaner
2015-06-17 10:36 - 2015-06-17 10:36 - 02231296 _____ C:\Users\User\Downloads\AdwCleaner_4.206.exe
2015-06-17 10:31 - 2015-06-17 10:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 10:29 - 2015-06-17 12:34 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001UA.job
2015-06-17 10:29 - 2015-06-17 10:34 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001Core.job
2015-06-17 10:29 - 2015-06-17 10:29 - 00004180 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001UA
2015-06-17 10:29 - 2015-06-17 10:29 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001Core
2015-06-17 10:29 - 2015-06-17 10:29 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2015-06-17 10:29 - 2015-06-17 10:29 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 11:09 - 2015-06-16 11:09 - 00003108 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2015-06-16 11:09 - 2015-06-16 11:09 - 00000000 ____D C:\ProgramData\Panda Security
2015-06-16 11:09 - 2015-06-16 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-06-16 11:09 - 2015-06-16 11:09 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2015-06-16 11:06 - 2015-06-16 11:06 - 00848856 _____ (Panda Security ) C:\Users\User\Desktop\USBVaccineSetup.exe
2015-06-16 10:48 - 2015-06-16 11:13 - 00002120 _____ C:\Rem-VBS.log
2015-06-16 10:45 - 2015-06-16 10:45 - 00098816 _____ (bartblaze) C:\Users\User\Desktop\Rem-VBSworm_4.0.exe
2015-06-16 10:37 - 2015-06-16 10:37 - 00000000 ____D C:\Users\User\AppData\Local\GWX
2015-06-14 12:04 - 2015-06-17 11:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-14 12:03 - 2015-06-17 15:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 12:03 - 2015-06-14 13:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-14 12:01 - 2015-06-14 13:43 - 00000000 ____D C:\Users\User\Desktop\mbar
2015-06-14 12:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-14 12:00 - 2015-06-14 12:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.1.1004.exe
2015-06-14 00:43 - 2015-06-16 15:27 - 00035412 _____ C:\Users\User\Desktop\Käsemann.odt
2015-06-13 15:25 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-13 15:24 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-13 15:24 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-13 15:24 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-13 15:24 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-13 15:24 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-13 15:24 - 2015-04-16 08:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-13 15:24 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-13 15:24 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-13 15:24 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-13 15:24 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-13 15:24 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-13 15:24 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-13 15:24 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-13 15:24 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-13 15:24 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-13 15:24 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-13 15:24 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-13 15:24 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-13 15:24 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-13 15:24 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-13 15:24 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-13 15:24 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-13 15:24 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-13 15:24 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-13 15:24 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-13 15:24 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-13 15:24 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-13 15:24 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-13 15:24 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-13 15:24 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-13 15:24 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-13 15:24 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-13 14:30 - 2015-06-13 14:31 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2015-06-13 14:21 - 2015-06-13 14:23 - 00029882 _____ C:\Users\User\Downloads\Addition.txt
2015-06-13 14:19 - 2015-06-17 16:05 - 00017955 _____ C:\Users\User\Downloads\FRST.txt
2015-06-13 14:19 - 2015-06-17 16:05 - 00000000 ____D C:\FRST
2015-06-13 14:18 - 2015-06-17 15:53 - 02109952 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-06-10 09:07 - 2015-06-03 18:18 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-10 09:07 - 2015-06-03 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 20:33 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 20:33 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 20:33 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 20:32 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 20:32 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 20:32 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 20:32 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 20:32 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 20:32 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 20:32 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 20:32 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 20:32 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 20:32 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 20:32 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 20:32 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 20:32 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 20:32 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 20:32 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 20:32 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 20:32 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 20:32 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 20:32 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 20:32 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 20:32 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 20:32 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 20:32 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 20:32 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 20:32 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 20:32 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 20:32 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 20:32 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 20:32 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 20:32 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 20:32 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 20:32 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 20:32 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 20:32 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 20:32 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 20:32 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-02 23:45 - 2015-06-02 23:45 - 00009058 _____ C:\Users\User\Desktop\Identität.odt
2015-05-26 20:31 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-26 20:31 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-26 20:31 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-26 20:31 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-26 20:31 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-26 20:31 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-26 20:31 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-26 20:31 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-26 20:30 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-26 20:30 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-26 20:30 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-26 20:30 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-26 20:30 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-26 20:30 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-26 20:29 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-26 20:29 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-26 20:28 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-26 20:28 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-26 20:28 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-26 20:28 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-26 20:28 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-26 20:28 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-26 20:27 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-26 20:27 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-26 20:27 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-26 20:27 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-26 13:26 - 2015-05-28 13:32 - 00000000 ____D C:\Users\User\Desktop\Referat
2015-05-26 13:16 - 2015-05-26 13:16 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-26 13:16 - 2015-05-26 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 13:15 - 2015-05-26 13:15 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-26 13:14 - 2015-05-26 13:14 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-26 12:07 - 2015-05-26 12:07 - 02997380 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeDownload3.2.58.505.exe
2015-05-21 22:06 - 2015-05-21 22:14 - 00000000 ____D C:\Users\User\Desktop\dialekt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 16:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-17 15:49 - 2014-01-03 19:14 - 01572150 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-17 15:40 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-17 15:40 - 2013-11-14 09:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-17 15:40 - 2013-11-14 09:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-17 15:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-17 15:38 - 2013-10-03 17:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2015-06-17 12:50 - 2013-10-03 17:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2024232573-3343981941-3030056430-1001
2015-06-17 12:20 - 2013-10-07 06:19 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 11:55 - 2014-01-07 17:23 - 00961024 ___SH C:\Users\User\Downloads\Thumbs.db
2015-06-17 11:54 - 2013-03-18 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-06-17 11:53 - 2013-11-09 00:21 - 00000000 ___RD C:\Users\User\Dropbox
2015-06-17 11:53 - 2013-11-07 15:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2015-06-17 11:52 - 2014-01-03 19:32 - 00000000 __RDO C:\Users\User\SkyDrive
2015-06-17 11:51 - 2013-10-07 06:19 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 11:50 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-17 11:49 - 2013-11-14 00:18 - 00097794 _____ C:\WINDOWS\PFRO.log
2015-06-17 11:49 - 2013-08-22 16:46 - 00304561 _____ C:\WINDOWS\setupact.log
2015-06-17 10:42 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-17 10:33 - 2014-01-20 14:41 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E0A4A87-0589-4754-8335-E71DA9CE72FA}
2015-06-17 10:27 - 2013-10-07 07:26 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-16 15:27 - 2014-05-18 20:04 - 00139776 ___SH C:\Users\User\Desktop\Thumbs.db
2015-06-16 12:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-16 10:27 - 2014-12-11 23:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-16 10:27 - 2014-07-09 15:59 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-16 10:27 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-14 14:38 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-14 14:37 - 2013-10-08 14:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-14 14:27 - 2013-10-08 14:53 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-14 14:25 - 2015-04-14 17:20 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-14 14:25 - 2015-04-14 17:20 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-14 11:55 - 2013-03-18 21:09 - 629145600 ___SH C:\WINDOWS\lenovo_fastboot.img
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-06-13 12:05 - 2015-01-11 14:06 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList
2015-06-10 09:36 - 2013-10-07 06:26 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 09:08 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-10 09:06 - 2013-08-22 16:44 - 00362760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 23:55 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-05-28 13:33 - 2014-01-10 20:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-05-28 13:26 - 2014-03-15 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 13:26 - 2014-01-10 20:33 - 00000000 ____D C:\ProgramData\Skype
2015-05-28 13:25 - 2014-12-03 10:38 - 00001097 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-05-26 21:31 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-26 13:21 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-26 13:15 - 2014-04-29 12:40 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-26 13:15 - 2014-01-04 23:18 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-05-26 13:15 - 2013-10-07 07:27 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-26 13:15 - 2013-10-07 07:27 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-26 13:15 - 2013-10-07 07:26 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-26 13:14 - 2013-10-07 07:27 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-20 00:15 - 2013-10-07 06:19 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 00:15 - 2013-10-07 06:19 - 00003870 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-09-20 14:02 - 2013-09-20 14:02 - 153313362 _____ () C:\Program Files (x86)\openoffice1.cab
2013-09-20 14:00 - 2013-09-20 14:00 - 2269184 _____ () C:\Program Files (x86)\openoffice401.msi
2013-09-20 14:00 - 2013-09-20 14:00 - 0475136 _____ () C:\Program Files (x86)\setup.exe
2013-09-20 14:00 - 2013-09-20 14:00 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2013-10-03 15:03 - 2013-10-03 15:03 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2013-03-18 21:11 - 2013-03-18 21:11 - 0000198 ____H () C:\ProgramData\Lenovo-14358.vbs
2013-03-18 21:19 - 2015-06-17 10:23 - 7117531 _____ () C:\ProgramData\MH_ErrorLog.txt

Files to move or delete:
====================
C:\ProgramData\Lenovo-14358.vbs


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpighpr_.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-17 12:50

==================== End of log ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by User at 2015-06-17 16:06:44
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2024232573-3343981941-3030056430-500 - Administrator - Disabled)
Gast (S-1-5-21-2024232573-3343981941-3030056430-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2024232573-3343981941-3030056430-1020 - Limited - Enabled)
User (S-1-5-21-2024232573-3343981941-3030056430-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Airplane LED (HKLM-x32\...\{F987D533-0D6A-4191-8EF7-8E91505ACF9A}) (Version: 1.00.000 - )
AMD Catalyst Install Manager (HKLM\...\{C0ACFCBB-01D7-AAD1-1FB2-0C8A3D1312D2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.10.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.26 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.00 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2600 - Broadcom Corporation)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.07 - )
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0036 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.0.17.0 - Lenovo Corporation)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 1.0.5.6 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 1.0.0.26 - Lenovo)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.00.0019 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{73CBF5CA-73F0-41A7-87CD-190746E41263}) (Version: 8.0.10.9 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Password Vault (HKLM\...\{1CACE706-D749-44CA-BBFE-AF60946D1B18}) (Version: 6.0.200.75 - AuthenTec, Inc.)
PDF24 Creator 6.0.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39032 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2024232573-3343981941-3030056430-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

26-05-2015 13:12:30 avast! antivirus system restore point
02-06-2015 19:30:28 Geplanter Prüfpunkt
09-06-2015 20:34:24 Windows Update
14-06-2015 14:23:35 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AD63F91-FF2E-4234-B429-5BA03A472FE4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3EB9F385-745F-4800-B5AC-0FBB75885513} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.)
Task: {460B9DFF-5847-4940-B61F-393010540FF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {4A54E80C-C9AD-4DB9-BC4B-86AC65438F89} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {57F8D00F-08CE-4630-9881-FDF86C6FA6AD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6C621513-4F1B-4D5D-90C7-1BC23597467D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74A05EE0-A72F-4E54-98E3-3883E8D9C191} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {855BBD32-C8AF-4C5E-B534-5F01E7E611AF} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {8B797582-7873-4B4C-8BAB-154820C34CAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-14] (Microsoft Corporation)
Task: {954E62FA-7955-40ED-A474-5C426A67C97F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {999DDE5C-48D5-4A17-A9A3-7300D1DA3E58} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A3F50C63-D183-4E26-80C1-6A8CD299B986} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A8D04090-D01E-4FB2-9C01-0B31F31516F8} - System32\Tasks\Lenovo\Lenovo-14358 => C:\ProgramData\Lenovo-14358.vbs [2013-03-18] ()
Task: {C1D71EE0-0B66-4B87-A5CC-896E0A2BF1EB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {D2E5BE06-B9FF-47DC-81DE-29E793DA2FCF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {D3E319AD-30F0-4B94-9ACD-25610678A098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {DC4B7B2E-5DDF-4BCD-B4A4-65FBF7F744E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {DF688517-EAFA-487A-9C35-4E867C5F3D16} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2012-09-27] ()
Task: {E3B97FEA-DD16-40D7-806E-A57B8399A637} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {E5E86F0F-F8B5-4BF5-AB32-CAFC2B479845} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2024232573-3343981941-3030056430-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-03-18 21:15 - 2012-10-30 07:16 - 00115200 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-25 19:34 - 2012-09-25 19:34 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-05-26 13:14 - 2015-05-26 13:14 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-26 13:14 - 2015-05-26 13:14 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-17 10:27 - 2015-06-17 10:27 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll
2015-06-17 11:51 - 2015-06-17 11:51 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061700\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-26 13:14 - 2015-05-26 13:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-10 09:36 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 09:36 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\User\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5C84F131-9BB6-42ED-93FD-A1CC4C6357CB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BDC7DF2B-0AB4-4A9B-83EF-0F3E0350551F}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0D0AF845-FFC9-4E02-84C8-4186FD848D2B}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{66272F81-D2C3-49AF-8ACB-3595E37553B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADAEC500-58EB-4F6D-B744-F7A6379C2E9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D2BECFC-855A-4A1E-8B95-0CA20D2A967F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D640E4FF-6D6A-4231-9B0C-C4834261BA4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89655C60-11EF-4BD1-B13C-B76EDC775446}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{23298D91-18F8-4E50-893B-70CBBAD5B093}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{2A4D6AD3-CFD9-4BCA-8B40-94176481901D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87A0F380-8048-4B6D-8988-609A91C38739}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{69EA4EC0-C4BC-4660-AD53-6E340A962AA2}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [TCP Query User{DEAF1ABA-E066-4384-B6DE-815C59D2F2B1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9EDEE94F-5327-4B2C-9004-8905D8346B90}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{DD4AB4DF-7693-44BF-890A-DF42146EDEF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{95A8E218-9A67-4E75-8335-E4D3E8B31A3B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{A1EA232F-35AE-4DD6-A298-2E1E3565F4BD}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 11:54:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 11:54:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 11:53:57 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 11:53:51 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: loctaskmgr.exe, Version: 1.1.0.0, Zeitstempel: 0x508b1a0b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000e5624
ID des fehlerhaften Prozesses: 0xa54
Startzeit der fehlerhaften Anwendung: 0xloctaskmgr.exe0
Pfad der fehlerhaften Anwendung: loctaskmgr.exe1
Pfad des fehlerhaften Moduls: loctaskmgr.exe2
Berichtskennung: loctaskmgr.exe3
Vollständiger Name des fehlerhaften Pakets: loctaskmgr.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: loctaskmgr.exe5

Error: (06/17/2015 10:46:18 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 10:46:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 10:46:09 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (InitService()): SessionID konnte nicht abgefragt werden, LPD Agent wird nicht gestartet.


System errors:
=============
Error: (06/17/2015 03:40:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (06/17/2015 03:40:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (06/17/2015 03:38:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (06/17/2015 01:06:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/17/2015 01:06:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (06/17/2015 00:51:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IBMPMSVC erreicht.

Error: (06/17/2015 00:51:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IBMPMSVC erreicht.

Error: (06/17/2015 00:36:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2015 00:36:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Location Task Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 00:36:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (06/17/2015 11:54:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 11:54:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 11:53:57 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 11:53:51 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetUserLpd()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (CheckLpdVersion()): "user_lpd.xml" konnte nicht gefunden werden. Überprüfen Sie, ob "Lenovo Settings" installiert ist: C:\Users\User\AppData\Local\Packages\LenovoCorporation.LenovoSettings_4642shxvsv8s2\LocalState\user_lpd.xml

Error: (06/17/2015 10:46:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: loctaskmgr.exe1.1.0.0508b1a0bntdll.dll6.3.9600.17736550f42c2c0000374000e5624a5401d0a8d9ff46404dC:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exeC:\WINDOWS\SYSTEM32\ntdll.dll56568595-14cd-11e5-bec2-a41731bd6c22

Error: (06/17/2015 10:46:18 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 10:46:11 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (GetHomepage()): Vorgabendatei für Mozilla Firefox konnte nicht geöffnet werden. Überprüfen Sie die Installation.

Error: (06/17/2015 10:46:09 AM) (Source: Location Task Manager) (EventID: 0) (User: )
Description: (InitService()): SessionID konnte nicht abgefragt werden, LPD Agent wird nicht gestartet.


==================== Memory info =========================== 

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3636.86 MB
Available physical RAM: 1935.52 MB
Total Pagefile: 4276.86 MB
Available Pagefile: 2252.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:453.91 GB) (Free:383.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A8FAE3A2)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

M-K-D-B · 17.06.2015, 16:17

Wir kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Syrdarja · 17.06.2015, 20:57

Schritt 1

Code:

ATTFilter

ï»¿Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by User at 2015-06-17 18:54:09 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2024232573-3343981941-3030056430-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 18:55:41 ====

Schritt 2:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=826afed734d8ba4eb59a19f4196f44cc
# end=init
# utc_time=2015-06-17 05:16:05
# local_time=2015-06-17 07:16:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24374
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=826afed734d8ba4eb59a19f4196f44cc
# end=updated
# utc_time=2015-06-17 05:20:20
# local_time=2015-06-17 07:20:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=826afed734d8ba4eb59a19f4196f44cc
# engine=24374
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-17 07:32:28
# local_time=2015-06-17 09:32:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 82 1589078 198990038 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1905402 11651940 0 0
# scanned=205331
# found=3
# cleaned=0
# scan_time=7927
sh=52539EEAFB9501990D2C202CD5B7D7BDF7F23579 ft=1 fh=44cec5701d81f613 vn="Win32/SoftonicDownloader.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\User\Desktop\BACKUP MIRI\BACKUP MIRI\HARI_eigene Datein\Downloads\SoftonicDownloader_fuer_7-zip.exe"
sh=0AA343B2D3253EDE6D4B0C4066F39748D69B539E ft=1 fh=7603349d911d7891 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\User\Downloads\VLC media player 32 Bit - CHIP-Installer (1).exe"
sh=FE95A7E655480F3913BF77596AD38C2617385EAD ft=1 fh=0bc1df5bc5c92008 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\User\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"

Und Schritt 3:

Code:

ATTFilter

 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

M-K-D-B · 18.06.2015, 15:30

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\User\Downloads\*CHIP-Installer*.exe
C:\Users\User\Desktop\BACKUP MIRI\BACKUP MIRI\HARI_eigene Datein\Downloads\SoftonicDownloader_fuer_7-zip.exe
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Avast	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.