Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 8 Problem AppData\Roaming\5.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.10.2015, 01:14   #1
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



Hallo an Alle, ich "Dödel" benötige dringend Hilfe bei folgendem Problem. Ich bekomme ständig ein PopUp mit der Meldung:
C:\Users\xxx\AppData\Roaming\5.exe
Auf das angebende Gerät bzw. den Pfad kann nicht zugegriffen werden. Sie verfügen ggf. nicht über ausreichende Berechtigung, um auf das Element zugreifen zu können

Kann nichts machen, das popt einfach immer wieder in unterschiedlichen Abständen auf.
Ist das schlimm bzw. gefährlich.

Tut mir leid, habe aber einfach keine Ahnung.
Hab aber FRST.txt und Addition.txt schonmal dabei.

Vielen Dank im Voraus

Hier FRST

Code:
ATTFilter
==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
() C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
() C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [19960 2013-10-18] (Lenovo)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937968 2014-08-12] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719456 2013-12-10] (SunplusIT, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [23416869 2014-12-18] ()
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => Keine Datei
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-02-19]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-06] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-06] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F64165AB-2A4B-4C4A-B0DE-3387DEFA4101}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C&q={searchTerms}
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {D1B8CBC9-4664-448E-87D4-D3AF948AAB46} URL = hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385303445756&tguid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> DefaultScope {D1B8CBC9-4664-448E-87D4-D3AF948AAB46} URL = hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385303445756&tguid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D100615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> {D1B8CBC9-4664-448E-87D4-D3AF948AAB46} URL = hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385303445756&tguid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Kein Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  Keine Datei
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-02] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> Kein Name - {41564952-412D-5637-00A7-7A786E7484D7} -  Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-02] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1132157785-3674912610-306245377-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-12-14] (Intel)
FF Plugin HKU\S-1-5-21-1132157785-3674912610-306245377-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-12-14] (Intel)
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\searchplugins\bing-lavasoft.xml [2015-10-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml [2014-06-08]
FF Extension: ProductivityBoss - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\Extensions\e5ffxtbr@www.productivityboss.com [2015-10-07]
FF Extension: OkayFreedom - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta21.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7rou3qih.default\extensions\faststartff@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-25]
FF HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-03-26]

Chrome: 
=======
CHR HomePage: Default -> hxxp://start.qone8.com/?type=hppp&ts=1402333406&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C
CHR StartupUrls: Default -> "hxxp://start.qone8.com/?type=hppp&ts=1402333406&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C" 
CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Amazon-Icon) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ebkjoejlimafghkdfnnnfmmcejbjkkda] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha844\ch\WebexpEnhancedV1alpha844.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ljkgegfnbpmfaaianaikmlkcahkjpglc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ch\VideoPlayerV3beta21.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Christoph\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-01]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-06-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 BitKinex; C:\Program Files (x86)\BitKinex\bitkinexsvc.exe [32944 2010-07-12] ()
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2012-04-02] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-14] (Lenovo.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21496 2013-10-18] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474608 2014-08-12] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-06] () [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS2A65\hpslpsvc64.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-08-24] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
R3 MbmLowExt; C:\Windows\System32\Drivers\MbmLowExt.sys [26112 2012-10-30] (Ericsson AB)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [72704 2012-07-03] (Ericsson AB)
R3 MkBusFilter; C:\Windows\System32\drivers\MbmDeviceFilter.sys [25600 2012-10-22] (Ericsson AB)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1514144 2013-12-10] (Sunplus)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-07 00:35 - 2015-10-07 00:36 - 00039144 _____ C:\Users\Christoph\Downloads\FRST.txt
2015-10-07 00:35 - 2015-10-07 00:35 - 00000000 ____D C:\FRST
2015-10-07 00:34 - 2015-10-07 00:35 - 02193920 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2015-10-06 23:46 - 2015-10-07 00:19 - 00000452 _____ C:\WINDOWS\setupact.log
2015-10-06 23:46 - 2015-10-06 23:46 - 00008630 _____ C:\WINDOWS\PFRO.log
2015-10-06 23:46 - 2015-10-06 23:46 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-06 21:54 - 2015-10-06 21:54 - 00003206 _____ C:\WINDOWS\System32\Tasks\{DE396901-1936-4584-BDF0-C738D063512F}
2015-10-06 21:36 - 2015-10-06 21:37 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-06 21:36 - 2015-10-06 21:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TuneUp Software
2015-10-06 21:36 - 2015-10-06 21:36 - 00000000 ____D C:\Users\Christoph\AppData\Local\TuneUp Software
2015-10-06 21:35 - 2015-10-06 21:35 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-10-06 21:35 - 2015-10-06 21:35 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-10-06 21:35 - 2015-10-06 21:35 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-06 21:35 - 2015-10-06 21:35 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-10-06 21:34 - 2015-10-06 21:34 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\OpenCandy
2015-10-06 21:33 - 2015-10-06 21:33 - 03469871 _____ (LIGHTNING UK!) C:\Users\Christoph\Downloads\SetupImgBurn_2.5.8.0.exe
2015-10-06 21:32 - 2015-10-06 21:32 - 01457952 _____ C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe
2015-10-06 21:14 - 2015-10-06 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-06 20:23 - 2015-10-06 20:23 - 00001102 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-10-06 20:23 - 2015-10-06 20:23 - 00001082 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-10-06 20:23 - 2015-10-06 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-10-06 20:02 - 2015-10-06 20:09 - 277444608 _____ C:\Users\Christoph\Downloads\kav_rescue_10.iso
2015-09-11 09:59 - 2015-09-11 10:01 - 00000000 ____D C:\Users\Christoph\Desktop\Privat
2015-09-11 09:57 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Budni
2015-09-11 09:57 - 2015-09-11 09:57 - 00000000 ____D C:\Users\Christoph\Desktop\Hobby
2015-09-11 09:56 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Steuer
2015-09-11 09:55 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Games
2015-09-09 19:27 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 19:27 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 19:27 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 19:27 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 19:27 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 19:27 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 19:27 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 19:27 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 19:27 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 19:27 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-09 19:27 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 19:27 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 19:27 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 19:27 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 19:27 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 15:11 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 15:11 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 15:11 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 15:11 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 15:11 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 15:11 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 15:10 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 15:10 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 15:10 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 15:10 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 15:10 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 15:10 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 15:10 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 15:10 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 15:10 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 15:10 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 15:10 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 15:10 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 15:10 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 15:10 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 15:10 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 15:10 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 15:10 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 15:10 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 15:10 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 15:10 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 15:10 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 15:10 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 15:10 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 15:10 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 15:10 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 15:10 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 15:10 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 15:10 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 15:10 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 15:10 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 15:10 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 15:10 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 15:10 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 15:10 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 15:10 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 15:10 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 15:10 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 15:10 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 15:10 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 15:10 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 15:10 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 15:10 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 15:10 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 15:10 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 15:10 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 15:10 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 15:10 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 15:10 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 15:10 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 15:10 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-07 00:36 - 2013-09-03 17:36 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-07 00:34 - 2013-09-03 17:28 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1132157785-3674912610-306245377-1001
2015-10-07 00:30 - 2014-07-15 15:03 - 00000000 ____D C:\Program Files\Sweet Home 3D
2015-10-07 00:29 - 2013-10-13 21:03 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 00:29 - 2013-09-03 23:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-07 00:20 - 2013-11-01 18:11 - 01300372 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-07 00:17 - 2013-05-31 01:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-07 00:16 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-07 00:16 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-07 00:16 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-07 00:09 - 2014-07-09 18:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-07 00:09 - 2013-11-01 18:18 - 00000000 __RDO C:\Users\Christoph\SkyDrive
2015-10-07 00:09 - 2013-10-13 21:03 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 00:09 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-07 00:08 - 2015-06-24 11:04 - 00003556 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-10-07 00:08 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-07 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 23:46 - 2014-01-20 14:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-06 23:44 - 2013-05-31 11:33 - 00000000 ____D C:\ProgramData\Lenovo
2015-10-06 23:43 - 2013-10-21 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-06 23:43 - 2013-05-31 01:55 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-10-06 23:43 - 2013-05-31 01:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2015-10-06 23:43 - 2013-05-31 01:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-06 23:41 - 2015-05-10 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-06 20:23 - 2014-06-01 22:23 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-10-06 20:18 - 2014-12-13 19:21 - 00817848 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-06 20:18 - 2014-11-10 18:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-10-06 20:18 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-06 20:09 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-06 20:05 - 2014-01-20 14:08 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5C287A0-2A63-46ED-9003-130861709F8C}
2015-09-29 20:30 - 2013-10-13 21:04 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-29 15:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-28 18:16 - 2013-09-13 15:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 19:36 - 2013-09-03 17:36 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-22 10:30 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-22 10:28 - 2013-09-03 17:20 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Nitro PDF
2015-09-21 15:24 - 2013-10-13 21:03 - 00004112 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-21 15:24 - 2013-10-13 21:03 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-19 12:36 - 2015-08-07 11:12 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2015-09-15 11:11 - 2015-06-24 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-15 11:11 - 2015-06-24 10:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 11:11 - 2014-12-09 14:28 - 00000000 ____D C:\Users\Christoph\AppData\Local\ownCloud
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 20:43 - 2013-08-22 16:44 - 00493144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-14 20:42 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-14 20:41 - 2013-09-03 17:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 20:39 - 2013-11-01 18:06 - 00000000 ____D C:\Users\Christoph
2015-09-11 10:03 - 2015-06-04 08:37 - 00000000 ____D C:\Users\Christoph\Desktop\Jagd Polen 2015
2015-09-11 09:55 - 2014-03-26 12:49 - 00000000 ____D C:\Users\Christoph\Desktop\Lexi
2015-09-11 09:53 - 2014-11-02 15:38 - 00000000 ____D C:\Users\Christoph\Desktop\HS21
2015-09-10 18:20 - 2013-09-03 17:19 - 00000000 ____D C:\Users\Christoph\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-09-03 17:20 - 2013-12-13 12:42 - 0012405 _____ () C:\Users\Christoph\AppData\Roaming\AbsoluteReminder.xml
2014-01-20 15:03 - 2014-07-10 00:36 - 0120050 _____ () C:\Users\Christoph\AppData\Local\ars.cache
2014-01-20 15:04 - 2014-07-10 00:36 - 0503993 _____ () C:\Users\Christoph\AppData\Local\census.cache
2014-01-20 14:35 - 2014-01-20 14:35 - 0000036 _____ () C:\Users\Christoph\AppData\Local\housecall.guid.cache
2013-09-06 19:04 - 2014-06-06 16:35 - 0000466 _____ () C:\Users\Christoph\AppData\Local\RegisteredPackageInformation.xml
2013-09-10 13:27 - 2013-09-10 13:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-05-31 01:49 - 2013-05-31 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-21 00:26 - 2014-01-27 18:54 - 0002563 _____ () C:\ProgramData\hpzinstall.log
2013-05-31 01:56 - 2013-05-31 01:56 - 0000198 ____H () C:\ProgramData\Lenovo-23020.vbs
2013-05-31 01:58 - 2013-09-03 23:57 - 0002331 _____ () C:\ProgramData\MH_ErrorLog.txt

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\Lenovo-23020.vbs


Einige Dateien in TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Christoph\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Christoph\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Christoph\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Christoph\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-29 15:18

==================== Ende von FRST.txt ============================
         

Hier Addition

Code:
ATTFilter
==================== Konten: =============================

Administrator (S-1-5-21-1132157785-3674912610-306245377-500 - Administrator - Enabled) => C:\Users\Administrator
Christoph (S-1-5-21-1132157785-3674912610-306245377-1001 - Administrator - Enabled) => C:\Users\Christoph
Gast (S-1-5-21-1132157785-3674912610-306245377-501 - Limited - Enabled) => C:\Users\Gast

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitKinex (HKLM-x32\...\{A7CE3C9E-78B4-4855-8D24-5CDF498E31F9}) (Version: 3.2.3 - Barad-Dur, LLC.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BUDNI Fotowelt (HKLM-x32\...\BUDNI Fotowelt) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.8602 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3518 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2023a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.8720 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4905d - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4002.52 - CyberLink Corp.)
CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.3915a - CyberLink Corp.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.1.0 - devolo AG)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.31 - SunplusIT)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.340 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.340 - Kaspersky Lab) Hidden
Lenovo Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.1 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.00 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.49.4 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.85 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.7 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0008 - Lenovo)
Lenovo USB 2.0 Ethernet Adapter (HKLM-x32\...\{29584513-DC7F-4EB9-8654-7C541DF0DDCE}) (Version: 1.02 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{68D0E8C7-E4F8-424E-A6D6-97A06A323FFE}) (Version: 8.0.8.4 - Ericsson AB)
Mozilla Firefox 41.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 de)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.7.1.4382 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF24 Creator 7.3.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.25.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.18.01 - RICOH)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{6F4652BE-D68A-40DC-9075-4017EC6CF6A9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9580 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Intel (ISCT) System  (05/04/2012 1.0.7.0) (HKLM\...\C8CA88388A58C08FD1318BB111CC8BDC79A3B577) (Version: 05/04/2012 1.0.7.0 - Intel)
Windows-Treiberpaket - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - Synaptics (SmbDrv) System  (10/17/2012 16.2.19.2) (HKLM\...\A77C050AE33CE8C74E71FDF8578DB13900B8A1F4) (Version: 10/17/2012 16.2.19.2 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (10/17/2012 16.2.19.2) (HKLM\...\8305FD4F3A6C1E86A14473501EA23FDEB1382CB7) (Version: 10/17/2012 16.2.19.2 - Synaptics)
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{077E3995-5996-4756-82A4-36E5B4737506}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1132157785-3674912610-306245377-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1132157785-3674912610-306245377-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Wiederherstellungspunkte =========================

22-09-2015 10:30:23 Windows Update
29-09-2015 15:33:49 Geplanter Prüfpunkt
06-10-2015 20:51:20 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B91B158-1350-4E26-9EB0-AD7641EBD631} - System32\Tasks\Scheduled scanning task => C:\PROGRA~2\KABELD~1\apps\COMPUT~1\ANTI-V~1\fsav.exe
Task: {0C95A296-AD9B-458F-93EE-8DD33F868E3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {10FAAB9B-D265-46C0-8A27-0959D88694AB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-07-30] (Lenovo)
Task: {1B9E3B1C-89EB-4070-867E-A82A399CB31B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {29B193BC-D5EB-47BE-94E6-81043C4643B6} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {3121B6A6-2DDB-4227-9EB8-1AEDE1D19FE3} - System32\Tasks\WinKit => C:\Users\Christoph\AppData\Roaming\PDFConvert\SWUpdate.exe [2015-01-29] ()
Task: {33CC460F-E9DC-4DE1-9990-4A89E38500DB} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {392090B3-396A-4231-B654-3470E8CBBF43} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {422191CE-FA0E-4981-94C1-D8D2CFA10D9E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {55501DDC-B590-4316-8C99-8C3D3170723E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {5C674272-5FA6-49F5-8544-BEBF8229D28C} - System32\Tasks\{724E11B9-7C5A-40BB-9498-D63D749FA46F} => pcalua.exe -a C:\Users\Christoph\Downloads\setup_airpcap_4_1_1.exe -d C:\Users\Christoph\Downloads
Task: {5FCB8B93-E8C8-4BF5-9FA8-10CE7A42F664} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {6CB128F6-CA4A-4B2F-8FEA-F94CA7699C91} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-09-10] ()
Task: {6CF06305-6364-4583-9739-B6141BF906BB} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {6DFEAC79-64F6-481D-AD66-2F2DBCA13523} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7520FC38-A5E3-439E-8C00-D330CFD73846} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {7BD7444E-373B-4C04-ADA3-CA79C353394C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {7CB89201-C294-482C-923F-FD855168680D} - System32\Tasks\{DE396901-1936-4584-BDF0-C738D063512F} => pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {80ED2DF5-4077-43E9-985B-84C55EDAAED9} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {81A25501-D021-47AF-87EA-9D7D5B8B723D} - \Lenovo\Lenovo-23020 -> Keine Datei <==== ACHTUNG
Task: {8A6D0161-C9F4-49A4-82A3-7570492FBFE7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
Task: {8ABB6F41-DA4B-4B42-BDE3-2B81773049D4} - System32\Tasks\Winsta Update => C:\Users\Christoph\AppData\Roaming\Winsta\bin\Winsta.exe [2015-01-29] ()
Task: {97086049-5883-4B69-A004-6116C1B4B834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {994416AD-22BF-4F1E-BBAA-40A4323DD41A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {9D18D93C-39BC-4547-8E97-A2DE63EDA0D6} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {D3CF01D7-069D-4BF2-9CCF-BEAF26589DFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D7219226-4DCB-4598-8F5F-DFF9446BF81D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DF6A9B69-ED5F-4F9E-8370-349B877B08AA} - System32\Tasks\Convertor => C:\Users\Christoph\AppData\Roaming\Convertor\Convertor.exe [2015-01-29] ()
Task: {E0473932-0029-4340-98DC-CC442120BA0C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {F6F0CB5D-59DC-4D3B-B8AB-AC403F7AA646} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FC906F93-A153-47D9-BA0E-5BFEBFD3B4E7} - \AmiUpdXp -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Scheduled scanning task.job => C:\PROGRA~2\KABELD~1\apps\COMPUT~1\ANTI-V~1\fsav.exeX /HARD /POLICY /SCHED /REPORT C:\PROGRA~2\KABELD~1\apps\COMPUT~1\ANTI-V~1\report.txt ,C:\PROGRA~2\KABELD~1\apps\COMPUT~1\ANTI-V~1WORKGROUP\LENOVO-CPC$.Von
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-11-06 20:03 - 2015-01-16 08:49 - 00118272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2010-07-12 23:30 - 2010-07-12 23:30 - 00032944 _____ () C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
2014-04-01 17:50 - 2014-04-01 17:50 - 00049368 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btwleapi.dll
2014-03-26 14:10 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-25 19:39 - 2010-09-06 12:05 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-12-17 13:44 - 2014-12-17 13:44 - 00059904 _____ () C:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2014-11-06 20:03 - 2015-01-16 08:49 - 00118272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-07-03 12:03 - 2015-07-03 12:03 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-10 01:15 - 2014-10-21 10:29 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-21 15:42 - 2015-01-09 16:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2013-06-21 15:42 - 2015-01-09 16:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2014-08-01 14:17 - 2014-08-01 14:17 - 00462592 _____ () C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
2013-09-04 00:04 - 2012-03-21 11:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 17:54 - 2014-12-23 17:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2010-06-19 10:57 - 2010-06-19 10:57 - 00081920 _____ () C:\Program Files (x86)\BitKinex\zlib1.dll
2010-06-19 18:44 - 2010-06-19 18:44 - 00274432 _____ () C:\Program Files (x86)\BitKinex\libtidy.dll
2015-02-23 12:31 - 2015-02-23 12:31 - 00799232 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\86865ced79f3180ebdfa736d895e5edb\Windows.Networking.ni.dll
2015-02-24 13:15 - 2015-02-24 13:15 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\4764145200fcd33a90ced1505892fce6\Windows.Devices.ni.dll
2015-02-23 12:31 - 2015-02-23 12:31 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2014-10-21 10:26 - 2014-10-21 10:26 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-05-31 01:55 - 2012-12-14 19:55 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2013-09-03 23:53 - 2013-05-13 15:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-23 17:54 - 2014-12-23 17:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-12-23 17:54 - 2014-12-23 17:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 17:54 - 2014-12-23 17:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1132157785-3674912610-306245377-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christoph\Desktop\Lexi Bilder\florida 2013\IMG_3881.JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Integrated Camera_Monitor"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "InstantBurn"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "UpdatePPShortCut"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\StartupApproved\Run: => "ownCloud"
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{88A913E5-E50F-4AAB-9069-A9968BF1D9D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{689ECA12-4A61-491C-AEC7-EC7CBDCC4981}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D85E67A5-5752-4817-BBC5-19C6D93C52F9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{DD5A260A-1BF3-46DE-AD66-CDE8BD35EFEC}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{AA00AACB-76F0-44DF-B34F-769ED09ECE48}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8B9557F0-70DC-41B1-904F-F903A6979E3A}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{EB20B2CC-421F-40A6-8A2D-452033FD2B01}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{0FA4BEEB-8A91-41A2-8E33-28EF850CF0C3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0FB043A1-596C-43AC-BEB4-931D1BED488B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A47C04AA-0506-437F-B548-FCF20FED0F2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DE408BB5-F124-445D-87FA-2440EB454CC9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2AA6D132-EE15-4398-8F25-EB03F4879169}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2AC3925C-050F-41C4-A5CE-D0A129C187EC}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{5DEC5959-D534-40E9-AD51-CF88E0C07EDA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{012A7DBF-E0E5-4BFD-A3E5-B5CEBDC5DE21}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{182D8AB9-D2AA-4AA4-87E2-C78EE15A7895}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{D88C993B-59EC-441D-B408-FE937E4DA1ED}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2CFE0EC2-71F6-4328-A787-2FBA60640375}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{25832AB4-EDE8-4653-A683-683BB4AD51AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1ACFB51-A90B-44BD-AE26-657305807B3F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{174ED1C0-FCC6-4AB9-8473-D2A61420D331}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2261F845-3CF2-4ACD-B5A2-B9016219B273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC1DDCDA-C38B-4B20-9423-2B22EC56283B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0686908B-E053-45D2-9629-EA43DC921066}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{6C473922-2E47-4AFD-AB92-B6D08F76E40B}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{C03A377A-BD5B-4E66-B91A-45F1471BFBAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84946C5B-609B-4B59-90FC-2B4AE234545A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{084DDE4B-8B25-4EE8-8ACF-59B198964C59}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CA1ECA36-F178-48A4-B7C2-CFC89348F44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7EFD0F0-C620-46E8-ABE0-056814D5F338}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4AD3ECF-4B8A-4F73-B3DD-353C293A26DF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{052E2A45-1EC8-4EE1-A39E-AEC95B83F0A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7F7917E3-A39A-4C9B-AEB6-24A9FD9C3669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{A801087E-1604-4B9A-88B6-1848CCBFB0E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TransOcean - The Shipping Company\TransOcean.exe
FirewallRules: [{3643BAA4-BC70-416E-AC3C-276ADDC90A02}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{CF218FED-4A15-4508-883C-8C1C6D8BAB20}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{2018148B-69E0-45C1-AB44-400A6960C8BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2EF57B39-5EB4-4EAE-981A-93B6E2441BE9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{EB6161F9-C73F-4902-BDAA-F689E088E0FB}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/06/2015 09:50:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe, Version: 1.0.0.0, Zeitstempel: 0x55fc1e0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434f4d
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0x2814
Startzeit der fehlerhaften Anwendung: 0xLavasoft.SearchProtect.WinService.exe0
Pfad der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe1
Pfad des fehlerhaften Moduls: Lavasoft.SearchProtect.WinService.exe2
Berichtskennung: Lavasoft.SearchProtect.WinService.exe3
Vollständiger Name des fehlerhaften Pakets: Lavasoft.SearchProtect.WinService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Lavasoft.SearchProtect.WinService.exe5

Error: (10/06/2015 09:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e250
ID des fehlerhaften Prozesses: 0x3ad4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/06/2015 09:36:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e250
ID des fehlerhaften Prozesses: 0xf20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/06/2015 09:36:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e250
ID des fehlerhaften Prozesses: 0x1770
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/06/2015 09:36:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e250
ID des fehlerhaften Prozesses: 0x2e2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/06/2015 08:06:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-CPC)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/29/2015 09:37:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2844

Error: (09/29/2015 09:37:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2844

Error: (09/29/2015 09:37:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2015 09:37:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1469


Systemfehler:
=============
Error: (10/07/2015 12:33:22 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/07/2015 12:31:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/07/2015 12:13:27 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/07/2015 12:11:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/07/2015 12:11:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/07/2015 12:11:27 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/07/2015 12:09:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/07/2015 12:08:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (10/06/2015 11:54:37 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (10/06/2015 11:52:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126


CodeIntegrity:
===================================
  Date: 2015-03-23 15:12:56.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 21:25:32.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 21:24:47.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 20:29:10.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-04 20:29:10.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8010.89 MB
Verfügbarer physikalischer RAM: 5550.52 MB
Summe virtueller Speicher: 10442.89 MB
Verfügbarer virtueller Speicher: 7737.27 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:204.18 GB) (Free:92.46 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 08C350AB)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 07.10.2015, 07:14   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 07.10.2015, 10:54   #3
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



Vielen Dank für die schnelle Unterstützung.

Hier der erste Durchlauf
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.07.01
  rootkit: v2015.10.06.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
Christoph :: LENOVO-CPC [administrator]

07.10.2015 09:55:36
mbar-log-2015-10-07 (09-55-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 532359
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C) Good: (www.google.com) -> Replace on reboot. [9c81054fa5e6082e7ab8b1cfff06e719]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C) Good: (www.google.com) -> Replace on reboot. [6bb2173d4348d6608ea4cfb1cf36d22e]
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://start.qone8.com/?type=hp&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C) Good: (www.google.com) -> Replace on reboot. [021b8dc725664ee89f94e49c34d15da3]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
         
Der zweite Durchlauf hat nichts gefunden
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.07.01
  rootkit: v2015.10.06.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
Christoph :: LENOVO-CPC [administrator]

07.10.2015 10:15:59
mbar-log-2015-10-07 (10-15-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 531133
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Hier die Logfile vom TDSSKiller Teil1

Code:
ATTFilter
10:36:46.0967 0x1974  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
10:36:46.0967 0x1974  UEFI system
10:36:53.0739 0x1974  ============================================================
10:36:53.0740 0x1974  Current date / time: 2015/10/07 10:36:53.0739
10:36:53.0740 0x1974  SystemInfo:
10:36:53.0740 0x1974  
10:36:53.0740 0x1974  OS Version: 6.3.9600 ServicePack: 0.0
10:36:53.0740 0x1974  Product type: Workstation
10:36:53.0740 0x1974  ComputerName: LENOVO-CPC
10:36:53.0740 0x1974  UserName: Christoph
10:36:53.0740 0x1974  Windows directory: C:\WINDOWS
10:36:53.0740 0x1974  System windows directory: C:\WINDOWS
10:36:53.0740 0x1974  Running under WOW64
10:36:53.0740 0x1974  Processor architecture: Intel x64
10:36:53.0740 0x1974  Number of processors: 4
10:36:53.0740 0x1974  Page size: 0x1000
10:36:53.0740 0x1974  Boot type: Normal boot
10:36:53.0740 0x1974  ============================================================
10:36:53.0820 0x1974  KLMD registered as C:\WINDOWS\system32\drivers\12436502.sys
10:36:53.0964 0x1974  System UUID: {E990B6A6-D698-4E25-1746-CD4B391059AA}
10:36:54.0349 0x1974  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:36:54.0353 0x1974  ============================================================
10:36:54.0353 0x1974  \Device\Harddisk0\DR0:
10:36:54.0353 0x1974  GPT partitions:
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {159478AF-85EF-4C41-9981-E0AE3562846B}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C4670CBC-D85B-4028-A2FC-65FDB56A8DAB}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {157734F4-6AC0-42EC-A628-AA369A655770}, Name: Microsoft reserved partition, StartLBA 0x276800, BlocksNum 0x40000
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5E3DE4F4-615B-4456-A21F-BD567F8D3946}, Name: Basic data partition, StartLBA 0x2B6800, BlocksNum 0x1985A000
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F10BC6F9-64F2-45BA-B355-011CBA1460B7}, Name: , StartLBA 0x19B10800, BlocksNum 0xAF000
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {22EF8A6E-488B-491E-8088-DF428CB31E17}, Name: , StartLBA 0x19BBF800, BlocksNum 0x1564800
10:36:54.0354 0x1974  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {5CA96064-FED0-41C8-B06D-8EE6BF989155}, Name: Basic data partition, StartLBA 0x1B124000, BlocksNum 0xE00000
10:36:54.0354 0x1974  MBR partitions:
10:36:54.0354 0x1974  ============================================================
10:36:54.0355 0x1974  C: <-> \Device\Harddisk0\DR0\Partition4
10:36:54.0355 0x1974  ============================================================
10:36:54.0355 0x1974  Initialize success
10:36:54.0355 0x1974  ============================================================
10:38:43.0179 0x1464  ============================================================
10:38:43.0179 0x1464  Scan started
10:38:43.0179 0x1464  Mode: Manual; SigCheck; TDLFS; 
10:38:43.0179 0x1464  ============================================================
10:38:43.0179 0x1464  KSN ping started
10:38:45.0486 0x1464  KSN ping finished: true
10:38:45.0976 0x1464  ================ Scan system memory ========================
10:38:45.0976 0x1464  System memory - ok
10:38:45.0977 0x1464  ================ Scan services =============================
10:38:46.0043 0x1464  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
10:38:46.0081 0x1464  1394ohci - ok
10:38:46.0090 0x1464  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
10:38:46.0100 0x1464  3ware - ok
10:38:46.0117 0x1464  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
10:38:46.0140 0x1464  ACPI - ok
10:38:46.0146 0x1464  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
10:38:46.0155 0x1464  acpiex - ok
10:38:46.0159 0x1464  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
10:38:46.0169 0x1464  acpipagr - ok
10:38:46.0173 0x1464  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
10:38:46.0185 0x1464  AcpiPmi - ok
10:38:46.0189 0x1464  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
10:38:46.0198 0x1464  acpitime - ok
10:38:46.0204 0x1464  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:38:46.0212 0x1464  AdobeARMservice - ok
10:38:46.0249 0x1464  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:38:46.0258 0x1464  AdobeFlashPlayerUpdateSvc - ok
10:38:46.0275 0x1464  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
10:38:46.0300 0x1464  ADP80XX - ok
10:38:46.0310 0x1464  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
10:38:46.0327 0x1464  AeLookupSvc - ok
10:38:46.0340 0x1464  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
10:38:46.0364 0x1464  AFD - ok
10:38:46.0370 0x1464  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
10:38:46.0379 0x1464  agp440 - ok
10:38:46.0384 0x1464  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
10:38:46.0397 0x1464  ahcache - ok
10:38:46.0402 0x1464  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
10:38:46.0414 0x1464  ALG - ok
10:38:46.0419 0x1464  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
10:38:46.0432 0x1464  AmdK8 - ok
10:38:46.0438 0x1464  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
10:38:46.0449 0x1464  AmdPPM - ok
10:38:46.0453 0x1464  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
10:38:46.0463 0x1464  amdsata - ok
10:38:46.0470 0x1464  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
10:38:46.0485 0x1464  amdsbs - ok
10:38:46.0489 0x1464  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
10:38:46.0496 0x1464  amdxata - ok
10:38:46.0501 0x1464  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
10:38:46.0515 0x1464  AppID - ok
10:38:46.0519 0x1464  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
10:38:46.0531 0x1464  AppIDSvc - ok
10:38:46.0537 0x1464  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
10:38:46.0553 0x1464  Appinfo - ok
10:38:46.0558 0x1464  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:38:46.0565 0x1464  Apple Mobile Device - ok
10:38:46.0572 0x1464  [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10ED387A2B99EC216 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
10:38:46.0587 0x1464  AppMgmt - ok
10:38:46.0600 0x1464  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
10:38:46.0622 0x1464  AppReadiness - ok
10:38:46.0651 0x1464  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
10:38:46.0688 0x1464  AppXSvc - ok
10:38:46.0696 0x1464  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
10:38:46.0706 0x1464  arcsas - ok
10:38:46.0710 0x1464  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:38:46.0725 0x1464  AsyncMac - ok
10:38:46.0729 0x1464  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
10:38:46.0737 0x1464  atapi - ok
10:38:46.0745 0x1464  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
10:38:46.0761 0x1464  AudioEndpointBuilder - ok
10:38:46.0780 0x1464  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
10:38:46.0807 0x1464  Audiosrv - ok
10:38:46.0824 0x1464  [ 70502DE460D4AE53D0BC76C3B0B98BCE, 0A4E7B1B0673B1459847DCF3EAD11154C01B613A82BC37CB75BD6B0E46020F93 ] AVControlCenter C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
10:38:46.0839 0x1464  AVControlCenter - ok
10:38:46.0850 0x1464  [ 9C7C876ACB9B707ECD08BD434C46A4D3, 4135E95C0E531854268D2009ACD6F932D8ADC4D31E72D3B942F731C60ECCDF1D ] AVP15.0.2       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
10:38:46.0864 0x1464  AVP15.0.2 - ok
10:38:46.0870 0x1464  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
10:38:46.0882 0x1464  AxInstSV - ok
10:38:46.0894 0x1464  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
10:38:46.0915 0x1464  b06bdrv - ok
10:38:46.0920 0x1464  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
10:38:46.0931 0x1464  BasicDisplay - ok
10:38:46.0935 0x1464  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
10:38:46.0947 0x1464  BasicRender - ok
10:38:46.0954 0x1464  [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
10:38:46.0964 0x1464  bcbtums - ok
10:38:47.0005 0x1464  [ 43907773F7563AF4DF0999D47522E802, 2563666842008E202B6A64435F06169A259D6DC56D16AF7359114C20A4FA4400 ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
10:38:47.0062 0x1464  BcmBtRSupport - ok
10:38:47.0069 0x1464  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
10:38:47.0075 0x1464  bcmfn2 - ok
10:38:47.0085 0x1464  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
10:38:47.0102 0x1464  BDESVC - ok
10:38:47.0106 0x1464  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:38:47.0117 0x1464  Beep - ok
10:38:47.0135 0x1464  [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE             C:\WINDOWS\System32\bfe.dll
10:38:47.0162 0x1464  BFE - ok
10:38:47.0166 0x1464  BitKinex - ok
10:38:47.0185 0x1464  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
10:38:47.0216 0x1464  BITS - ok
10:38:47.0227 0x1464  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:38:47.0241 0x1464  Bonjour Service - ok
10:38:47.0247 0x1464  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
10:38:47.0258 0x1464  bowser - ok
10:38:47.0266 0x1464  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
10:38:47.0284 0x1464  BrokerInfrastructure - ok
10:38:47.0289 0x1464  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
10:38:47.0302 0x1464  Browser - ok
10:38:47.0306 0x1464  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
10:38:47.0317 0x1464  BthAvrcpTg - ok
10:38:47.0323 0x1464  [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
10:38:47.0334 0x1464  BthEnum - ok
10:38:47.0338 0x1464  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
10:38:47.0350 0x1464  BthHFEnum - ok
10:38:47.0354 0x1464  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
10:38:47.0364 0x1464  bthhfhid - ok
10:38:47.0375 0x1464  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
10:38:47.0392 0x1464  BthHFSrv - ok
10:38:47.0401 0x1464  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
10:38:47.0417 0x1464  BthLEEnum - ok
10:38:47.0422 0x1464  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
10:38:47.0432 0x1464  BTHMODEM - ok
10:38:47.0438 0x1464  [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
10:38:47.0451 0x1464  BthPan - ok
10:38:47.0482 0x1464  [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
10:38:47.0518 0x1464  BTHPORT - ok
10:38:47.0524 0x1464  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
10:38:47.0536 0x1464  bthserv - ok
10:38:47.0542 0x1464  [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
10:38:47.0552 0x1464  BTHUSB - ok
10:38:47.0558 0x1464  [ 8A44414F20A086D6C4F4CF6CA51E02F9, D360454AD7F20AFFD79BBD618CD8BE162DE59EBA9BC8D01D5C2480C9F3845EEB ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
10:38:47.0567 0x1464  btwampfl - ok
10:38:47.0575 0x1464  [ 616579BBF7D209A411D2D554B551272E, 89B66E1C707C0641C6763D41E0A5C67596282D4307D0AFB15DF70C88C6C60C69 ] btwaudio        C:\WINDOWS\system32\drivers\btwaudio.sys
10:38:47.0586 0x1464  btwaudio - ok
10:38:47.0594 0x1464  [ 4B86046A90D2F46AE710FFE16D30B90B, 6AC52E78FBCC1824366EF28CBA2F1783A694647DA839374F6A038A89D2B58B3E ] btwavdt         C:\WINDOWS\system32\drivers\btwavdt.sys
10:38:47.0605 0x1464  btwavdt - ok
10:38:47.0627 0x1464  [ C439C2E707B16309D8937A16D0FF1DFA, D7A962B514E1147D1A4C95974D9DF9957EAC0A23E3BDDE13BB9522492889FECB ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
10:38:47.0653 0x1464  btwdins - ok
10:38:47.0658 0x1464  [ C3C8974D99F976C927165363855690CD, 2B73E11FE341DE581CFF655E58C5671B83F4331529C30DADCAA9B6BE615D5E1F ] btwl2cap        C:\WINDOWS\system32\DRIVERS\btwl2cap.sys
10:38:47.0665 0x1464  btwl2cap - ok
10:38:47.0668 0x1464  [ 4C8895543813CC6F86629F4696222FEF, 9863127C8AFC9A44BFA0E8292885C7210E26738D3D900267D25F4F182AB6A5B8 ] btwrchid        C:\WINDOWS\System32\drivers\btwrchid.sys
10:38:47.0674 0x1464  btwrchid - ok
10:38:47.0698 0x1464  [ 4E1D29BD13F186158A4D788DF98984D1, 64D6F925860DDDCEED4342776C0133ECF81A4A70890DE8C7C8A6375F7677D867 ] CAMService      C:\Program Files\Intel\CAM\bin\CAMService.exe
10:38:47.0726 0x1464  CAMService - ok
10:38:47.0733 0x1464  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
10:38:47.0747 0x1464  cdfs - ok
10:38:47.0754 0x1464  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
10:38:47.0766 0x1464  cdrom - ok
10:38:47.0772 0x1464  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
10:38:47.0786 0x1464  CertPropSvc - ok
10:38:47.0791 0x1464  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
10:38:47.0800 0x1464  circlass - ok
10:38:47.0804 0x1464  [ 69776E5AF0E6BE3BE0B44F5236C60DE1, 98727FCFA8EFF43120E3067A9786DC3AAF703EA775C935D176042B8F4D2EDA21 ] CLBStor         C:\WINDOWS\system32\DRIVERS\CLBStor.sys
10:38:47.0810 0x1464  CLBStor - ok
10:38:47.0820 0x1464  [ 5C420A12443EF2BBA3DFF9F11E5EDC49, B46018CBEFEADEF1611B937956B42381CE54BABFB42025A218259F014A6FAAD5 ] CLBUDF          C:\WINDOWS\system32\drivers\CLBUDF.sys
10:38:47.0832 0x1464  CLBUDF - ok
10:38:47.0843 0x1464  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
10:38:47.0859 0x1464  CLFS - ok
10:38:47.0912 0x1464  [ 55C892763A614BA39BA956A0323C65F3, 3A4FFB6140D8390CBA67ADEB459C71B0B6B5720D17E30E2677CC9AB603D43016 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
10:38:47.0967 0x1464  ClickToRunSvc - ok
10:38:47.0981 0x1464  [ 93F8931047F4B7716753D770605C8842, F2E4A99C1E0F7519886B6BFDDC9210B4800E26FBE99A06FFC6371D415291A742 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
10:38:47.0991 0x1464  CLKMSVC10_38F51D56 - ok
10:38:48.0000 0x1464  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
10:38:48.0010 0x1464  CmBatt - ok
10:38:48.0017 0x1464  [ 429B31D047CFAD3CA5DD38120A2CE455, 5CC1459CBBBF2E6788635D4C277B116D90AE01DBE7AD561EB41A668F64801E80 ] cm_km_w         C:\WINDOWS\system32\DRIVERS\cm_km_w.sys
10:38:48.0029 0x1464  cm_km_w - ok
10:38:48.0042 0x1464  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
10:38:48.0063 0x1464  CNG - ok
10:38:48.0069 0x1464  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
10:38:48.0079 0x1464  CompositeBus - ok
10:38:48.0082 0x1464  COMSysApp - ok
10:38:48.0088 0x1464  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
10:38:48.0099 0x1464  condrv - ok
10:38:48.0134 0x1464  [ 77B938A7EC67E1422BE9AB3C41475B19, BCD7D76BD1377155202C9857BA28AE6281F1BE2BBD0E9559564F89CDDB882DC2 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
10:38:48.0146 0x1464  cphs - ok
10:38:48.0154 0x1464  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
10:38:48.0170 0x1464  CryptSvc - ok
10:38:48.0183 0x1464  [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1213BBE376227A2 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
10:38:48.0204 0x1464  CSC - ok
10:38:48.0223 0x1464  [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService      C:\WINDOWS\System32\cscsvc.dll
10:38:48.0247 0x1464  CscService - ok
10:38:48.0252 0x1464  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
10:38:48.0261 0x1464  dam - ok
10:38:48.0281 0x1464  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:38:48.0307 0x1464  DcomLaunch - ok
10:38:48.0321 0x1464  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
10:38:48.0342 0x1464  defragsvc - ok
10:38:48.0353 0x1464  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
10:38:48.0372 0x1464  DeviceAssociationService - ok
10:38:48.0378 0x1464  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
10:38:48.0391 0x1464  DeviceInstall - ok
10:38:48.0464 0x1464  [ 0B24043732807EE3AA25389356F4DE7C, 6A9A65B38968FF704C3938BEF5E6C1226447FF4F78997473B1694EA8D3D519DF ] DevoloNetworkService C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
10:38:48.0531 0x1464  DevoloNetworkService - ok
10:38:48.0540 0x1464  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
10:38:48.0553 0x1464  Dfsc - ok
10:38:48.0562 0x1464  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
10:38:48.0580 0x1464  Dhcp - ok
10:38:48.0611 0x1464  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
10:38:48.0654 0x1464  DiagTrack - ok
10:38:48.0661 0x1464  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
10:38:48.0672 0x1464  disk - ok
10:38:48.0676 0x1464  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
10:38:48.0688 0x1464  dmvsc - ok
10:38:48.0695 0x1464  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:38:48.0712 0x1464  Dnscache - ok
10:38:48.0720 0x1464  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:38:48.0736 0x1464  dot3svc - ok
10:38:48.0742 0x1464  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
10:38:48.0750 0x1464  dot4 - ok
10:38:48.0754 0x1464  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
10:38:48.0760 0x1464  Dot4Print - ok
10:38:48.0765 0x1464  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
10:38:48.0772 0x1464  dot4usb - ok
10:38:48.0788 0x1464  [ 604D8E757DAF0E2BE6FD8F0047711069, B113F107FFCC8362FAAC64CCA01A3C17259196237E2AD63338A19D1151293A82 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
10:38:48.0799 0x1464  DozeSvc - ok
10:38:48.0806 0x1464  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
10:38:48.0819 0x1464  DPS - ok
10:38:48.0823 0x1464  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:38:48.0831 0x1464  drmkaud - ok
10:38:48.0838 0x1464  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
10:38:48.0851 0x1464  DsmSvc - ok
10:38:48.0881 0x1464  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
10:38:48.0924 0x1464  DXGKrnl - ok
10:38:48.0931 0x1464  [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64         C:\WINDOWS\system32\DRIVERS\DzHDD64.sys
10:38:48.0937 0x1464  DzHDD64 - ok
10:38:48.0943 0x1464  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
10:38:48.0957 0x1464  Eaphost - ok
10:38:49.0019 0x1464  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
10:38:49.0102 0x1464  ebdrv - ok
10:38:49.0109 0x1464  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
10:38:49.0118 0x1464  EFS - ok
10:38:49.0123 0x1464  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
10:38:49.0133 0x1464  EhStorClass - ok
10:38:49.0139 0x1464  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
10:38:49.0150 0x1464  EhStorTcgDrv - ok
10:38:49.0154 0x1464  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
10:38:49.0162 0x1464  ErrDev - ok
10:38:49.0177 0x1464  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
10:38:49.0197 0x1464  EventSystem - ok
10:38:49.0213 0x1464  [ ADAC76188512444B5D351EDDEB3A392B, 1C8D6B98C6A1361B0E8E55D8C95E1ECAD41E18B8987F9D78AAFCDEDB3B05CDDF ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:38:49.0231 0x1464  EvtEng - ok
10:38:49.0238 0x1464  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
10:38:49.0259 0x1464  exfat - ok
10:38:49.0267 0x1464  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
10:38:49.0279 0x1464  fastfat - ok
10:38:49.0294 0x1464  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
10:38:49.0317 0x1464  Fax - ok
10:38:49.0321 0x1464  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
10:38:49.0331 0x1464  fdc - ok
10:38:49.0335 0x1464  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
10:38:49.0345 0x1464  fdPHost - ok
10:38:49.0349 0x1464  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
10:38:49.0359 0x1464  FDResPub - ok
10:38:49.0364 0x1464  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
10:38:49.0378 0x1464  fhsvc - ok
10:38:49.0383 0x1464  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
10:38:49.0393 0x1464  FileInfo - ok
10:38:49.0396 0x1464  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
10:38:49.0410 0x1464  Filetrace - ok
10:38:49.0414 0x1464  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
10:38:49.0423 0x1464  flpydisk - ok
10:38:49.0432 0x1464  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:38:49.0448 0x1464  FltMgr - ok
10:38:49.0476 0x1464  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache       C:\WINDOWS\system32\FntCache.dll
10:38:49.0512 0x1464  FontCache - ok
10:38:49.0518 0x1464  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:38:49.0526 0x1464  FontCache3.0.0.0 - ok
10:38:49.0531 0x1464  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
10:38:49.0540 0x1464  FsDepends - ok
10:38:49.0544 0x1464  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:38:49.0552 0x1464  Fs_Rec - ok
10:38:49.0565 0x1464  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
10:38:49.0586 0x1464  fvevol - ok
10:38:49.0591 0x1464  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
10:38:49.0600 0x1464  FxPPM - ok
10:38:49.0604 0x1464  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
10:38:49.0613 0x1464  gagp30kx - ok
10:38:49.0630 0x1464  [ 898F20847EFAFA91EB8936D39A9B6F7D, 6BE43ADC7094016B555623F474D70E091751628C0A19A9C2D6C706B0487795D7 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
10:38:49.0649 0x1464  Garmin Device Interaction Service - ok
10:38:49.0654 0x1464  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:38:49.0660 0x1464  GEARAspiWDM - ok
10:38:49.0664 0x1464  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
10:38:49.0673 0x1464  gencounter - ok
10:38:49.0679 0x1464  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
10:38:49.0691 0x1464  GPIOClx0101 - ok
10:38:49.0725 0x1464  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
10:38:49.0765 0x1464  gpsvc - ok
10:38:49.0773 0x1464  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:38:49.0781 0x1464  gupdate - ok
10:38:49.0785 0x1464  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:38:49.0792 0x1464  gupdatem - ok
10:38:49.0798 0x1464  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
10:38:49.0809 0x1464  HDAudBus - ok
10:38:49.0813 0x1464  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
10:38:49.0822 0x1464  HidBatt - ok
10:38:49.0828 0x1464  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
10:38:49.0840 0x1464  HidBth - ok
10:38:49.0844 0x1464  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
10:38:49.0854 0x1464  hidi2c - ok
10:38:49.0858 0x1464  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
10:38:49.0867 0x1464  HidIr - ok
10:38:49.0871 0x1464  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
10:38:49.0882 0x1464  hidserv - ok
10:38:49.0886 0x1464  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
10:38:49.0897 0x1464  HidUsb - ok
10:38:49.0902 0x1464  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
10:38:49.0915 0x1464  hkmsvc - ok
10:38:49.0923 0x1464  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
10:38:49.0940 0x1464  HomeGroupListener - ok
10:38:49.0951 0x1464  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
10:38:49.0969 0x1464  HomeGroupProvider - ok
10:38:49.0978 0x1464  [ 0D0213498683414DDE29B1686A4C08D5, E9B64406C04B6E55CBD17E7C47B023CEA11FEE07B791154129D6F4F29D15AB7F ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:38:49.0989 0x1464  hpqcxs08 - ok
10:38:49.0993 0x1464  [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:38:50.0001 0x1464  hpqddsvc - ok
10:38:50.0005 0x1464  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
10:38:50.0014 0x1464  HpSAMD - ok
10:38:50.0021 0x1464  HPSLPSVC - ok
10:38:50.0041 0x1464  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
10:38:50.0070 0x1464  HTTP - ok
10:38:50.0075 0x1464  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
10:38:50.0083 0x1464  hwpolicy - ok
10:38:50.0086 0x1464  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
10:38:50.0095 0x1464  hyperkbd - ok
10:38:50.0099 0x1464  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
10:38:50.0109 0x1464  HyperVideo - ok
10:38:50.0114 0x1464  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
10:38:50.0129 0x1464  i8042prt - ok
10:38:50.0134 0x1464  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
10:38:50.0140 0x1464  iaLPSSi_GPIO - ok
10:38:50.0145 0x1464  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
10:38:50.0153 0x1464  iaLPSSi_I2C - ok
10:38:50.0167 0x1464  [ 8BE099617DA18FE085A40D47FC156B1B, A5F7AB41D32DF8A12F1945C263EE954CE15069C3CFD7131C74A8A3F4EC3AC122 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
10:38:50.0183 0x1464  iaStorA - ok
10:38:50.0198 0x1464  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
10:38:50.0216 0x1464  iaStorAV - ok
10:38:50.0227 0x1464  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
10:38:50.0243 0x1464  iaStorV - ok
10:38:50.0249 0x1464  [ 3770DCC5A7006C555AD1A4AA84A842FC, B9FA66493C7E5A9D3C75E286F1C2B6E465CB2798CB1A522E56837B1569717673 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
10:38:50.0257 0x1464  IBMPMDRV - ok
10:38:50.0263 0x1464  [ 193EA32FC2E3738C23D43F587E30882F, ABCE2A7F6B66BC1A03FF46E324353F89B9C26A5E4FC1B437BEAAE3E4F127958B ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
10:38:50.0273 0x1464  IBMPMSVC - ok
10:38:50.0277 0x1464  IEEtwCollectorService - ok
10:38:50.0352 0x1464  [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
10:38:50.0449 0x1464  igfx - ok
10:38:50.0461 0x1d6c  Object required for P2P: [ 55C892763A614BA39BA956A0323C65F3 ] ClickToRunSvc
10:38:50.0476 0x1464  [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
10:38:50.0505 0x1464  IKEEXT - ok
10:38:50.0511 0x1464  [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
10:38:50.0518 0x1464  intaud_WaveExtensible - ok
10:38:50.0581 0x1464  [ 0CDE7928C4B99C25AAED3B4E84E78168, 5B5444574551D2637A3827F26D248573AECE1B12DFA175C13B10B2A777AD2513 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
10:38:50.0655 0x1464  IntcAzAudAddService - ok
10:38:50.0671 0x1464  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
10:38:50.0685 0x1464  IntcDAud - ok
10:38:50.0700 0x1464  [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:38:50.0718 0x1464  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
10:38:52.0885 0x1d6c  Object send P2P result: true
10:38:53.0029 0x1464  Detect skipped due to KSN trusted
10:38:53.0029 0x1464  Intel(R) Capability Licensing Service Interface - ok
10:38:53.0047 0x1464  [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
10:38:53.0068 0x1464  Intel(R) Capability Licensing Service TCP IP Interface - ok
10:38:53.0072 0x1464  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
10:38:53.0080 0x1464  intelide - ok
10:38:53.0085 0x1464  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
10:38:53.0094 0x1464  intelpep - ok
10:38:53.0099 0x1464  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
10:38:53.0110 0x1464  intelppm - ok
10:38:53.0115 0x1464  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:38:53.0128 0x1464  IpFilterDriver - ok
10:38:53.0147 0x1464  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
10:38:53.0175 0x1464  iphlpsvc - ok
10:38:53.0180 0x1464  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
10:38:53.0194 0x1464  IPMIDRV - ok
10:38:53.0200 0x1464  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
10:38:53.0215 0x1464  IPNAT - ok
10:38:53.0228 0x1464  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:38:53.0245 0x1464  iPod Service - ok
10:38:53.0250 0x1464  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
10:38:53.0261 0x1464  IRENUM - ok
10:38:53.0265 0x1464  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
10:38:53.0276 0x1464  isapnp - ok
10:38:53.0285 0x1464  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
10:38:53.0301 0x1464  iScsiPrt - ok
10:38:53.0305 0x1464  [ 5AB18D8055A4280C0F377A6262F3157E, 091366AE17601407E2A882BFF7901F1970C1111DA935B913BEAA2AFA76D4EEA2 ] ISCT            C:\WINDOWS\System32\drivers\ISCTD64.sys
10:38:53.0312 0x1464  ISCT - ok
10:38:53.0316 0x1464  [ C2BC9AC9C6514230A481BDCA6A24BEFD, 84E41675D11EF2EEECED23C8469503C8D12810A2C6B6743D7AA322EB6DF7E68D ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
10:38:53.0322 0x1464  iwdbus - ok
10:38:53.0328 0x1464  [ A3B59E5887B294F2ED06A522F0FDC9D3, 38B8453FC100C74376E6B36D71F27228D1EBE1094ED0175F96C018C958B1B37A ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:38:53.0336 0x1464  jhi_service - ok
10:38:53.0341 0x1464  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
10:38:53.0350 0x1464  kbdclass - ok
10:38:53.0354 0x1464  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
10:38:53.0363 0x1464  kbdhid - ok
10:38:53.0367 0x1464  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\WINDOWS\system32\drivers\kbldfltr.sys
10:38:53.0375 0x1464  kbldfltr - ok
10:38:53.0380 0x1464  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
10:38:53.0390 0x1464  kdnic - ok
10:38:53.0395 0x1464  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
10:38:53.0403 0x1464  KeyIso - ok
10:38:53.0414 0x1464  [ 5781DA0CFB8833F5D8AEB433233C7294, 5EF52B532257E8CD34CEAFA405FF022CB1127B6A92BEE5578BC73B0380556D2A ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
10:38:53.0430 0x1464  kl1 - ok
10:38:53.0434 0x1464  [ EE7A44540B65B6FF617DCB8929C9FDAE, E9FB0BEAA1692CEBE8F6E1DED6AE49EFE2679F606CD251AE2222095D37129CDA ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
10:38:53.0443 0x1464  kldisk - ok
10:38:53.0447 0x1464  [ F2EB9202FCCC81E0902D3C5A70037A44, 9554851BB68228500E69536B0C484B32FC92B85A76A7F1F268549212D0D5CFCA ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
10:38:53.0457 0x1464  klelam - ok
10:38:53.0463 0x1464  [ 6C76992FC40A857A24C5D96602E9C3B1, 87DF4C915B9B926891A252A1D126B262DC9A37A508AAEFC5957C4C7AB297D7E3 ] klflt           C:\WINDOWS\system32\DRIVERS\klflt.sys
10:38:53.0473 0x1464  klflt - ok
10:38:53.0480 0x1464  [ 52B6208BC2E92558AD7DB2A6015F8E4A, 15E61BB99DCB5ADA9F5E9C9861FDB8B19133CFDA79FB332C68BF527C65F8E0B8 ] klhk            C:\WINDOWS\system32\DRIVERS\klhk.sys
10:38:53.0491 0x1464  klhk - ok
10:38:53.0509 0x1464  [ 68A63B654F5545F2131B8C549F18B95B, 03AD286FCCFA25A2C28E206485A27DA47F116546B81964822AF05F268D58D1A6 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
10:38:53.0532 0x1464  KLIF - ok
10:38:53.0537 0x1464  [ 082E4E17C8C56205D7A3A74F52FAD991, BF664A675549F0456983B974FC94614FDE5DC778033ACE0936B78A0FBCB52226 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
10:38:53.0545 0x1464  KLIM6 - ok
10:38:53.0549 0x1464  [ 72EB703CBD490DE11FB468F290A47493, AA7469DA253EFC3B534BA2D0BBBCD95F82DBAA48E4CBC9F67DAD7B118C3F85D3 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
10:38:53.0557 0x1464  klkbdflt - ok
10:38:53.0561 0x1464  klkbdflt2 - ok
10:38:53.0565 0x1464  [ 039C35F0CA2866447C6C38F6653DD0BF, 7F084E1CA2FEA6E3D3FBE3DC8D0362BB5ADCF53B2CB3F1349EF96F39131E1D6D ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
10:38:53.0573 0x1464  klmouflt - ok
10:38:53.0577 0x1464  [ B33399BCA2034648520E34987CE2C0C9, F93B38D7DFAAE44B929BC2F739F03A9A67C6FA4AFC29B07DF96D2C7011DCB1AF ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
10:38:53.0584 0x1464  klpd - ok
10:38:53.0589 0x1464  [ C66A4C640B7F9606668D35D726D2FF51, B6708A516D55FDDB3C5F018827D4E0B52D2B65D7B0DC33A9AECC301A05A860DE ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
10:38:53.0597 0x1464  klwfp - ok
10:38:53.0602 0x1464  [ 88D5EF6EE17C280167D42B53282AB4BD, CFFF8D7CE24FCE62FB2C21E1B09DF914612C1EF96876855537B207F7BD83E872 ] Klwtp           C:\WINDOWS\system32\DRIVERS\klwtp.sys
10:38:53.0611 0x1464  Klwtp - ok
10:38:53.0617 0x1464  [ F9F8752748D6629EB8A5990F97D4346B, 833788E320F429BA25838F414F190C1D024D352F4F3CE050D593DCAEB2BAC2E8 ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
10:38:53.0628 0x1464  kneps - ok
10:38:53.0633 0x1464  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
10:38:53.0643 0x1464  KSecDD - ok
10:38:53.0649 0x1464  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
10:38:53.0661 0x1464  KSecPkg - ok
10:38:53.0668 0x1464  [ 6EFBC82722D0F7B35283993189ECE9D0, C992072A3248C35C5C46E0CCD463C60C6376E7E17AA67BAFF8260C200DC47900 ] KSS             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
10:38:53.0678 0x1464  KSS - ok
10:38:53.0683 0x1464  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
10:38:53.0692 0x1464  ksthunk - ok
10:38:53.0701 0x1464  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
10:38:53.0718 0x1464  KtmRm - ok
10:38:53.0727 0x1464  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
10:38:53.0745 0x1464  LanmanServer - ok
10:38:53.0753 0x1464  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
10:38:53.0769 0x1464  LanmanWorkstation - ok
10:38:53.0810 0x1464  [ F1E4002541DC3FF409CFF8DA653E3504, C82B3146EB2E3F6CC590AFA9935A557261A6C9DBBC8F562FD0E037DDCB6167A3 ] Lenovo Settings Service C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
10:38:53.0848 0x1464  Lenovo Settings Service - ok
10:38:53.0865 0x1464  [ 1C079F496D757794605D393335B38C9C, 483221CE92D53DFEAD90B6E1CB67B86873AF94E6BAA83120AA4751F0B021C2A9 ] Lenovo System Agent Service C:\Program Files\Lenovo\iMController\SystemAgentService.exe
10:38:53.0881 0x1464  Lenovo System Agent Service - ok
10:38:53.0893 0x1464  [ AB678C691773820CD73AEAFAF5A21AD8, E099D424D79C759A4AF64B60D88906153165AC7E01461EB48FEC0B8559776B00 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CamMute.exe
10:38:53.0906 0x1464  LENOVO.CAMMUTE - ok
10:38:53.0911 0x1464  [ 521ADEA6D54C519EA3BE8202FF3EC36D, E29C88321C0F8B136951B617C206B36AE25D68EF08E723DE99064EF9BE87A3F9 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
10:38:53.0929 0x1464  LENOVO.MICMUTE - ok
10:38:53.0939 0x1464  [ 5A89EDA6545ADCB5767EB49AF0728A00, 15F28A58F1D4A013BA3763BE2578A1D22B44E664111E974F8D761ED6F15BDD32 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
10:38:53.0953 0x1464  LENOVO.TPKNRSVC - ok
10:38:53.0967 0x1464  [ 4E9E21789513A45FD51C7316528F4775, ADAA91DA2FBA0816A225499FD41A0A9DD92EB52EDA1C56D0A659B96F50102BAA ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
10:38:53.0983 0x1464  LENOVO.TVTVCAM - ok
10:38:53.0988 0x1464  [ EE982F13F0957AB40992DDBC47164A76, C75AA052A8B2E5A1CBA06C32D855B74C576F2E349B8D1A4570F7E991933FEE6A ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
10:38:53.0996 0x1464  Lenovo.VIRTSCRLSVC - ok
10:38:54.0008 0x1464  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
10:38:54.0033 0x1464  lfsvc - ok
10:38:54.0039 0x1464  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
10:38:54.0052 0x1464  lltdio - ok
10:38:54.0060 0x1464  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
10:38:54.0076 0x1464  lltdsvc - ok
10:38:54.0080 0x1464  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
10:38:54.0092 0x1464  lmhosts - ok
10:38:54.0101 0x1464  [ 3142FC089FE8FCF79B442B91BC4F0C16, ECF8E9CC84B87D19C4762E73EA2DD80B336A9C42A67512F2E73179F49484592A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:38:54.0113 0x1464  LMS - ok
10:38:54.0116 0x1464  [ E90A50E34E7C5CAD89DFDB9CE5A6019D, 48A3A0F74131582ED8034256E8FF433682BC7D61B8C3DC304F689A60DDC92D8A ] lnvDiscoveryWinSvc C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
10:38:54.0122 0x1464  lnvDiscoveryWinSvc - ok
10:38:54.0126 0x1464  [ FCF77211FAE72F3CB020A2CF51047114, FE93CD029A38B0177A3469C32774649146D18CA670C744F5A9C7B002FAC722A7 ] LnvHIDHW        C:\WINDOWS\System32\drivers\LnvHIDHW.sys
10:38:54.0133 0x1464  LnvHIDHW - ok
10:38:54.0144 0x1464  [ 3E91E5CC5D5458F002FD1A679AF16124, 158AFD521DB956DC7C373AC0FC691E5F0BD292A1B3C8C0A61DDC94D2A9A45CD6 ] LnvHotSpotSvc   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
10:38:54.0159 0x1464  LnvHotSpotSvc - ok
10:38:54.0171 0x1464  [ 2C756AFCEA605EED6731589F34EF2D84, F92A3071FF989DF0A7ECE96410E72F8180DE646E38A94582517F8E59D289F419 ] LocationTaskManager C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
10:38:54.0184 0x1464  LocationTaskManager - ok
10:38:54.0193 0x1464  [ 25F003B378E831514587DC6155781227, 7E68BED3721B9B917DDF215E572EEC4D1B30805CB8C274222450F65AA6B9D945 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
10:38:54.0204 0x1464  LSCWinService - ok
10:38:54.0210 0x1464  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
10:38:54.0220 0x1464  LSI_SAS - ok
10:38:54.0225 0x1464  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
10:38:54.0235 0x1464  LSI_SAS2 - ok
10:38:54.0239 0x1464  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
10:38:54.0249 0x1464  LSI_SAS3 - ok
10:38:54.0253 0x1464  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
10:38:54.0263 0x1464  LSI_SSS - ok
10:38:54.0279 0x1464  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
10:38:54.0306 0x1464  LSM - ok
10:38:54.0312 0x1464  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
10:38:54.0325 0x1464  luafv - ok
10:38:54.0330 0x1464  [ 7A774BCEC03A35E741198FEAFC4EDCFE, F0BF031A00E40F67E00D281F14EA88F8F5C4222F70CBB077CE4CEA56AE817660 ] MbmLowExt       C:\WINDOWS\System32\Drivers\MbmLowExt.sys
10:38:54.0342 0x1464  MbmLowExt - ok
10:38:54.0346 0x1464  [ 17F280C257EA282EC4C54E55DF6FC04B, 3BDFB76CECB277BD0F6CECD6EC40AA730AA9F0D90B79A75E5464F58F575F6746 ] MbmUsbSerial    C:\WINDOWS\System32\Drivers\MbmUsbSerial.sys
10:38:54.0359 0x1464  MbmUsbSerial - ok
10:38:54.0363 0x1464  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
10:38:54.0372 0x1464  megasas - ok
10:38:54.0386 0x1464  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
10:38:54.0406 0x1464  megasr - ok
10:38:54.0411 0x1464  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
10:38:54.0419 0x1464  MEIx64 - ok
10:38:54.0423 0x1464  [ 14473789A14BB0078D459074624C1763, 9CF8F95392EE1BC2E031318B871D12B60C82F083D7ED790B2D617E1D9B000A61 ] MkBusFilter     C:\WINDOWS\System32\drivers\MbmDeviceFilter.sys
10:38:54.0433 0x1464  MkBusFilter - ok
10:38:54.0438 0x1464  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
10:38:54.0450 0x1464  MMCSS - ok
10:38:54.0455 0x1464  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
10:38:54.0466 0x1464  Modem - ok
10:38:54.0470 0x1464  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
10:38:54.0480 0x1464  monitor - ok
10:38:54.0484 0x1464  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
10:38:54.0493 0x1464  mouclass - ok
10:38:54.0498 0x1464  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
10:38:54.0508 0x1464  mouhid - ok
10:38:54.0513 0x1464  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
10:38:54.0523 0x1464  mountmgr - ok
10:38:54.0529 0x1464  [ 6215DA3AD492CFBEBEE2ADBED0A6CC22, 07B290B58EF722825D50AF97E10B7098A2118B3F335E1FFF8F9E5E9AF7A0A6CE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:38:54.0539 0x1464  MozillaMaintenance - ok
10:38:54.0544 0x1464  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
10:38:54.0555 0x1464  mpsdrv - ok
10:38:54.0573 0x1464  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
10:38:54.0600 0x1464  MpsSvc - ok
10:38:54.0606 0x1464  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
10:38:54.0619 0x1464  MRxDAV - ok
10:38:54.0629 0x1464  [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:38:54.0648 0x1464  mrxsmb - ok
10:38:54.0656 0x1464  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
10:38:54.0673 0x1464  mrxsmb10 - ok
10:38:54.0679 0x1464  [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
10:38:54.0692 0x1464  mrxsmb20 - ok
10:38:54.0698 0x1464  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
10:38:54.0709 0x1464  MsBridge - ok
10:38:54.0716 0x1464  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
10:38:54.0728 0x1464  MSDTC - ok
10:38:54.0734 0x1464  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:38:54.0745 0x1464  Msfs - ok
10:38:54.0749 0x1464  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
10:38:54.0758 0x1464  msgpiowin32 - ok
10:38:54.0762 0x1464  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
10:38:54.0772 0x1464  mshidkmdf - ok
10:38:54.0776 0x1464  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
10:38:54.0785 0x1464  mshidumdf - ok
10:38:54.0789 0x1464  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
10:38:54.0797 0x1464  msisadrv - ok
10:38:54.0803 0x1464  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
10:38:54.0815 0x1464  MSiSCSI - ok
10:38:54.0818 0x1464  msiserver - ok
10:38:54.0823 0x1464  [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll
10:38:54.0834 0x1464  MsKeyboardFilter - ok
10:38:54.0838 0x1464  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:38:54.0847 0x1464  MSKSSRV - ok
10:38:54.0852 0x1464  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
10:38:54.0863 0x1464  MsLldp - ok
10:38:54.0866 0x1464  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:38:54.0875 0x1464  MSPCLOCK - ok
10:38:54.0879 0x1464  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:38:54.0889 0x1464  MSPQM - ok
10:38:54.0898 0x1464  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
10:38:54.0913 0x1464  MsRPC - ok
10:38:54.0919 0x1464  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
10:38:54.0928 0x1464  mssmbios - ok
10:38:54.0932 0x1464  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:38:54.0941 0x1464  MSTEE - ok
10:38:54.0945 0x1464  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
10:38:54.0955 0x1464  MTConfig - ok
10:38:54.0959 0x1464  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
10:38:54.0969 0x1464  Mup - ok
10:38:54.0973 0x1464  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
10:38:54.0982 0x1464  mvumis - ok
10:38:54.0990 0x1464  [ EBD7D5781E446C5F367F97944014BC7F, 86BAF4C4B0933CD9E26FEA98844A46FC3FE932A978F358B0CDB01ED87217EFB9 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:38:55.0001 0x1464  MyWiFiDHCPDNS - ok
10:38:55.0012 0x1464  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
10:38:55.0031 0x1464  napagent - ok
10:38:55.0042 0x1464  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
10:38:55.0060 0x1464  NativeWifiP - ok
10:38:55.0066 0x1464  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
10:38:55.0080 0x1464  NcaSvc - ok
10:38:55.0087 0x1464  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
10:38:55.0102 0x1464  NcbService - ok
10:38:55.0108 0x1464  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
10:38:55.0122 0x1464  NcdAutoSetup - ok
10:38:55.0145 0x1464  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
10:38:55.0178 0x1464  NDIS - ok
10:38:55.0183 0x1464  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
10:38:55.0193 0x1464  NdisCap - ok
10:38:55.0198 0x1464  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
10:38:55.0210 0x1464  NdisImPlatform - ok
10:38:55.0214 0x1464  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:38:55.0225 0x1464  NdisTapi - ok
10:38:55.0229 0x1464  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:38:55.0241 0x1464  Ndisuio - ok
10:38:55.0244 0x1464  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
10:38:55.0255 0x1464  NdisVirtualBus - ok
10:38:55.0262 0x1464  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:38:55.0277 0x1464  NdisWan - ok
10:38:55.0283 0x1464  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:38:55.0296 0x1464  NdisWanLegacy - ok
10:38:55.0301 0x1464  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:38:55.0311 0x1464  NDProxy - ok
10:38:55.0316 0x1464  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
10:38:55.0329 0x1464  Ndu - ok
10:38:55.0334 0x1464  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
10:38:55.0340 0x1464  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
10:38:57.0662 0x1464  Detect skipped due to KSN trusted
10:38:57.0662 0x1464  Net Driver HPZ12 - ok
10:38:57.0679 0x1464  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:38:57.0715 0x1464  NetBIOS - ok
         
__________________

Alt 07.10.2015, 10:56   #4
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



TDSSKiller Teil2

Code:
ATTFilter
10:38:57.0730 0x1464  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:38:57.0752 0x1464  NetBT - ok
10:38:57.0756 0x1464  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:38:57.0766 0x1464  Netlogon - ok
10:38:57.0774 0x1464  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
10:38:57.0789 0x1464  Netman - ok
10:38:57.0802 0x1464  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
10:38:57.0823 0x1464  netprofm - ok
10:38:57.0832 0x1464  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:38:57.0843 0x1464  NetTcpPortSharing - ok
10:38:57.0851 0x1464  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
10:38:57.0879 0x1464  netvsc - ok
10:38:57.0940 0x1464  [ 93AFEDE8FADE0BE80CA10ACF290330C2, D698F0F643871E296DEEE4CA8033319DF5660C01D361FE67EFE2187732A89778 ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew00.sys
10:38:58.0009 0x1464  NETwNe64 - ok
10:38:58.0021 0x1464  [ 450712376E4B4849E482A0677A8A08CD, 813AE61475AE8C3B585BD4B347DE62888E5BDC6A488CF9D1583F194F32C6D549 ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
10:38:58.0031 0x1464  NitroDriverReadSpool8 - ok
10:38:58.0041 0x1464  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
10:38:58.0059 0x1464  NlaSvc - ok
10:38:58.0092 0x1464  [ D9C94810C65E02089559240BD95BEC2F, 76843194A3AA8534A305A670073BC19C3FA459493A85F97BDC65DEC038877266 ] nlsX86cc        C:\WINDOWS\SysWOW64\NLSSRV32.EXE
10:38:58.0098 0x1464  nlsX86cc - ok
10:38:58.0103 0x1464  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:38:58.0114 0x1464  Npfs - ok
10:38:58.0118 0x1464  [ 49697C2C761ACB5C0DE99CC8FE93E95B, 02EEA7FB21D28B235A05FE0A6061170F366470EF6E45C9B21D7C8C0E7C728FC5 ] NPF_devolo      C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys
10:38:58.0125 0x1464  NPF_devolo - ok
10:38:58.0130 0x1464  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
10:38:58.0140 0x1464  npsvctrig - ok
10:38:58.0145 0x1464  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
10:38:58.0157 0x1464  nsi - ok
10:38:58.0161 0x1464  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
10:38:58.0171 0x1464  nsiproxy - ok
10:38:58.0211 0x1464  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:38:58.0259 0x1464  Ntfs - ok
10:38:58.0266 0x1464  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:38:58.0276 0x1464  Null - ok
10:38:58.0282 0x1464  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
10:38:58.0292 0x1464  nvraid - ok
10:38:58.0298 0x1464  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
10:38:58.0310 0x1464  nvstor - ok
10:38:58.0316 0x1464  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
10:38:58.0326 0x1464  nv_agp - ok
10:38:58.0333 0x1464  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:38:58.0343 0x1464  ose - ok
10:38:58.0353 0x1464  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
10:38:58.0371 0x1464  p2pimsvc - ok
10:38:58.0382 0x1464  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
10:38:58.0402 0x1464  p2psvc - ok
10:38:58.0410 0x1464  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
10:38:58.0423 0x1464  Parport - ok
10:38:58.0428 0x1464  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
10:38:58.0438 0x1464  partmgr - ok
10:38:58.0450 0x1464  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
10:38:58.0470 0x1464  PcaSvc - ok
10:38:58.0480 0x1464  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
10:38:58.0496 0x1464  pci - ok
10:38:58.0500 0x1464  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
10:38:58.0508 0x1464  pciide - ok
10:38:58.0514 0x1464  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
10:38:58.0525 0x1464  pcmcia - ok
10:38:58.0529 0x1464  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
10:38:58.0538 0x1464  pcw - ok
10:38:58.0543 0x1464  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
10:38:58.0553 0x1464  pdc - ok
10:38:58.0567 0x1464  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
10:38:58.0590 0x1464  PEAUTH - ok
10:38:58.0631 0x1464  [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
10:38:58.0685 0x1464  PeerDistSvc - ok
10:38:58.0692 0x1464  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
10:38:58.0705 0x1464  PerfHost - ok
10:38:58.0738 0x1464  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
10:38:58.0777 0x1464  pla - ok
10:38:58.0784 0x1464  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
10:38:58.0795 0x1464  PlugPlay - ok
10:38:58.0800 0x1464  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
10:38:58.0806 0x1464  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
10:39:01.0450 0x1464  Detect skipped due to KSN trusted
10:39:01.0450 0x1464  Pml Driver HPZ12 - ok
10:39:01.0465 0x1464  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
10:39:01.0497 0x1464  PNRPAutoReg - ok
10:39:01.0512 0x1464  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
10:39:01.0543 0x1464  PNRPsvc - ok
10:39:01.0559 0x1464  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
10:39:01.0575 0x1464  PolicyAgent - ok
10:39:01.0575 0x1464  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
10:39:01.0590 0x1464  Power - ok
10:39:01.0622 0x1464  [ FA9A5B84900443A1309FE62F92C8A228, B915EFC84CF3A16D4EB6CB246AB6819303D871630F3E61416D4CACDF6BBA6487 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
10:39:01.0668 0x1464  Power Manager DBC Service - ok
10:39:01.0668 0x1464  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:39:01.0684 0x1464  PptpMiniport - ok
10:39:01.0747 0x1464  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
10:39:01.0809 0x1464  PrintNotify - ok
10:39:01.0809 0x1464  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
10:39:01.0825 0x1464  Processor - ok
10:39:01.0825 0x1464  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
10:39:01.0840 0x1464  ProfSvc - ok
10:39:01.0856 0x1464  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
10:39:01.0872 0x1464  Psched - ok
10:39:01.0872 0x1464  [ 05A0C2744CEAC6F1B723EC469B650EF0, D9F2E0E4431217C6A7CDE38D36362CD5A06E93B9F45F92638120EF151089B370 ] PSKMAD          C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
10:39:01.0872 0x1464  PSKMAD - ok
10:39:01.0887 0x1464  [ 654E5FB995679A3761D372813B13817D, B33D4DA1C0D8DDC51709C2D56056E0C68ABB7A0257192D3C3A7B5981482FC67F ] QuickControlMasterSvc C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
10:39:01.0887 0x1464  QuickControlMasterSvc - ok
10:39:01.0903 0x1464  [ 2CD7C5F85E3FABF601FD8AF21F067572, 1986F8B9EB2ABC98CA23775D871913EC41A8342DA48E24DF08937AE7AEE1C961 ] QuickControlService C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
10:39:01.0903 0x1464  QuickControlService - ok
10:39:01.0918 0x1464  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
10:39:01.0934 0x1464  QWAVE - ok
10:39:01.0934 0x1464  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
10:39:01.0950 0x1464  QWAVEdrv - ok
10:39:01.0950 0x1464  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:39:01.0950 0x1464  RasAcd - ok
10:39:01.0965 0x1464  [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
10:39:01.0965 0x1464  RasAgileVpn - ok
10:39:01.0981 0x1464  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:39:01.0997 0x1464  RasAuto - ok
10:39:01.0997 0x1464  [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:39:02.0012 0x1464  Rasl2tp - ok
10:39:02.0012 0x1464  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:39:02.0043 0x1464  RasMan - ok
10:39:02.0043 0x1464  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:39:02.0059 0x1464  RasPppoe - ok
10:39:02.0059 0x1464  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
10:39:02.0075 0x1464  RasSstp - ok
10:39:02.0075 0x1464  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:39:02.0106 0x1464  rdbss - ok
10:39:02.0106 0x1464  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
10:39:02.0122 0x1464  rdpbus - ok
10:39:02.0122 0x1464  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
10:39:02.0137 0x1464  RDPDR - ok
10:39:02.0137 0x1464  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
10:39:02.0153 0x1464  RdpVideoMiniport - ok
10:39:02.0168 0x1464  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
10:39:02.0168 0x1464  rdyboost - ok
10:39:02.0200 0x1464  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
10:39:02.0215 0x1464  ReFS - ok
10:39:02.0231 0x1464  [ 6656FBF14F378A272682A4F91CBDCDAD, A31B9D61F91DEBA8FB622148A60106115BE4CAE06CE1FE1FA729C45BAD0C5294 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:39:02.0231 0x1464  RegSrvc - ok
10:39:02.0247 0x1464  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:39:02.0262 0x1464  RemoteAccess - ok
10:39:02.0262 0x1464  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:39:02.0278 0x1464  RemoteRegistry - ok
10:39:02.0278 0x1464  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
10:39:02.0293 0x1464  RFCOMM - ok
10:39:02.0309 0x1464  [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:39:02.0309 0x1464  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
10:39:04.0622 0x1464  Detect skipped due to KSN trusted
10:39:04.0622 0x1464  RichVideo - ok
10:39:04.0638 0x1464  [ 5B5FF622A55B479E1F2DDD92FF6CBFD3, 6DA714E48D930198193E84360A4DC5B3042BF02EB3CB3AF8778E91366369372F ] risdxc          C:\WINDOWS\System32\drivers\risdxc64.sys
10:39:04.0669 0x1464  risdxc - ok
10:39:04.0669 0x1464  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
10:39:04.0701 0x1464  RpcEptMapper - ok
10:39:04.0701 0x1464  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:39:04.0716 0x1464  RpcLocator - ok
10:39:04.0732 0x1464  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:39:04.0747 0x1464  RpcSs - ok
10:39:04.0763 0x1464  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
10:39:04.0779 0x1464  rspndr - ok
10:39:04.0779 0x1464  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
10:39:04.0779 0x1464  s3cap - ok
10:39:04.0794 0x1464  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
10:39:04.0794 0x1464  SamSs - ok
10:39:04.0810 0x1464  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
10:39:04.0810 0x1464  sbp2port - ok
10:39:04.0826 0x1464  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
10:39:04.0841 0x1464  SCardSvr - ok
10:39:04.0841 0x1464  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
10:39:04.0857 0x1464  ScDeviceEnum - ok
10:39:04.0857 0x1464  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
10:39:04.0872 0x1464  scfilter - ok
10:39:04.0888 0x1464  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:39:04.0935 0x1464  Schedule - ok
10:39:04.0935 0x1464  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
10:39:04.0951 0x1464  SCPolicySvc - ok
10:39:04.0951 0x1464  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
10:39:04.0966 0x1464  sdbus - ok
10:39:04.0982 0x1464  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
10:39:04.0982 0x1464  sdstor - ok
10:39:04.0982 0x1464  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
10:39:04.0997 0x1464  secdrv - ok
10:39:04.0997 0x1464  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
10:39:05.0013 0x1464  seclogon - ok
10:39:05.0013 0x1464  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
10:39:05.0029 0x1464  SENS - ok
10:39:05.0029 0x1464  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
10:39:05.0044 0x1464  SensrSvc - ok
10:39:05.0060 0x1464  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
10:39:05.0060 0x1464  SerCx - ok
10:39:05.0076 0x1464  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
10:39:05.0076 0x1464  SerCx2 - ok
10:39:05.0076 0x1464  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
10:39:05.0091 0x1464  Serenum - ok
10:39:05.0091 0x1464  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
10:39:05.0107 0x1464  Serial - ok
10:39:05.0107 0x1464  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
10:39:05.0122 0x1464  sermouse - ok
10:39:05.0138 0x1464  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
10:39:05.0154 0x1464  SessionEnv - ok
10:39:05.0154 0x1464  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
10:39:05.0169 0x1464  sfloppy - ok
10:39:05.0169 0x1464  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:39:05.0201 0x1464  SharedAccess - ok
10:39:05.0217 0x1464  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:39:05.0232 0x1464  ShellHWDetection - ok
10:39:05.0232 0x1464  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
10:39:05.0248 0x1464  SiSRaid2 - ok
10:39:05.0248 0x1464  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
10:39:05.0263 0x1464  SiSRaid4 - ok
10:39:05.0263 0x1464  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:39:05.0279 0x1464  SkypeUpdate - ok
10:39:05.0295 0x1464  [ 7956FD22F1AC83057630975D2B9AA452, ACBA47559D97B1B3FBDD7D9C7F13918EA00D63D9194642692E89E05B2D304BDE ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
10:39:05.0295 0x1464  SmbDrvI - ok
10:39:05.0295 0x1464  [ 3BC2844AF786CA422CC31D505ACFA9F2, 38936490E2F404FC1235D8C6C7E87809E2935057041CBE884D887B0A69A47279 ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
10:39:05.0310 0x1464  smihlp - ok
10:39:05.0310 0x1464  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
10:39:05.0326 0x1464  smphost - ok
10:39:05.0326 0x1464  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
10:39:05.0342 0x1464  SNMPTRAP - ok
10:39:05.0342 0x1464  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
10:39:05.0373 0x1464  spaceport - ok
10:39:05.0373 0x1464  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
10:39:05.0388 0x1464  SpbCx - ok
10:39:05.0404 0x1464  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
10:39:05.0420 0x1464  Spooler - ok
10:39:05.0545 0x1464  [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
10:39:05.0701 0x1464  sppsvc - ok
10:39:05.0732 0x1464  [ 13F0EB464D44CA0AE87CF16F72BD07AE, 99894854B1E9EA0E40D2204E5B2006039DEE30E5593290C8323D8340DFF7F8B2 ] SPUVCbv         C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys
10:39:05.0763 0x1464  SPUVCbv - ok
10:39:05.0779 0x1464  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:39:05.0795 0x1464  srv - ok
10:39:05.0810 0x1464  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
10:39:05.0826 0x1464  srv2 - ok
10:39:05.0842 0x1464  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
10:39:05.0857 0x1464  srvnet - ok
10:39:05.0857 0x1464  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:39:05.0873 0x1464  SSDPSRV - ok
10:39:05.0888 0x1464  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
10:39:05.0888 0x1464  SstpSvc - ok
10:39:05.0920 0x1464  [ EBAA82F7C9B97C0E450449178E007340, D470927CC216C4E3EA23236E6C6464187CD3A49C3A4A456F488FEC8E713EA31B ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
10:39:05.0935 0x1464  Steam Client Service - ok
10:39:05.0951 0x1464  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
10:39:05.0951 0x1464  stexstor - ok
10:39:05.0951 0x1464  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\WINDOWS\System32\drivers\serscan.sys
10:39:05.0967 0x1464  StillCam - ok
10:39:05.0982 0x1464  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
10:39:06.0013 0x1464  stisvc - ok
10:39:06.0013 0x1464  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
10:39:06.0029 0x1464  storahci - ok
10:39:06.0029 0x1464  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
10:39:06.0029 0x1464  storflt - ok
10:39:06.0045 0x1464  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
10:39:06.0045 0x1464  stornvme - ok
10:39:06.0060 0x1464  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
10:39:06.0060 0x1464  StorSvc - ok
10:39:06.0076 0x1464  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
10:39:06.0076 0x1464  storvsc - ok
10:39:06.0076 0x1464  [ 7D123389FCD97D84881BA9C07012BA0C, 044442D8FCFE7935A025602F817C726576BA1C515CB594C4320A8AC6D8DA8F41 ] storvsp         C:\WINDOWS\System32\drivers\storvsp.sys
10:39:06.0092 0x1464  storvsp - ok
10:39:06.0092 0x1464  [ 55C61C2FE4F0BA04B4B121DAD0F77CDD, D5033B2BB794F4F4017272542C3E6A0EFA59120DD14155694980325197419ABA ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
10:39:06.0123 0x1464  SUService - ok
10:39:06.0123 0x1464  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
10:39:06.0138 0x1464  svsvc - ok
10:39:06.0138 0x1464  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
10:39:06.0154 0x1464  swenum - ok
10:39:06.0170 0x1464  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
10:39:06.0185 0x1464  swprv - ok
10:39:06.0201 0x1464  [ AFB9FC97DAC435B588EACD63C3174DAA, FDE397F1202E02B1911E3C4A851918AA73BF206A44939BA981F50BC116E0E35A ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:39:06.0217 0x1464  SynTP - ok
10:39:06.0232 0x1464  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
10:39:06.0263 0x1464  SysMain - ok
10:39:06.0279 0x1464  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
10:39:06.0295 0x1464  SystemEventsBroker - ok
10:39:06.0295 0x1464  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
10:39:06.0310 0x1464  TabletInputService - ok
10:39:06.0326 0x1464  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:39:06.0342 0x1464  TapiSrv - ok
10:39:06.0388 0x1464  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
10:39:06.0451 0x1464  Tcpip - ok
10:39:06.0498 0x1464  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:39:06.0560 0x1464  TCPIP6 - ok
10:39:06.0560 0x1464  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
10:39:06.0576 0x1464  tcpipreg - ok
10:39:06.0576 0x1464  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
10:39:06.0592 0x1464  tdx - ok
10:39:06.0685 0x1464  [ 8EA86BC14E5AE25E4DA5C742587FB1A4, F95A56D5C651596AFDF0B794F4F2920CE5193333CE96D26D9A6645E6417ABA47 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
10:39:06.0763 0x1464  TeamViewer9 - ok
10:39:06.0779 0x1464  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
10:39:06.0779 0x1464  terminpt - ok
10:39:06.0810 0x1464  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:39:06.0826 0x1464  TermService - ok
10:39:06.0842 0x1464  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
10:39:06.0857 0x1464  Themes - ok
10:39:06.0857 0x1464  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
10:39:06.0857 0x1464  THREADORDER - ok
10:39:06.0873 0x1464  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
10:39:06.0888 0x1464  TimeBroker - ok
10:39:06.0888 0x1464  [ D6265A9008DC7B6411ACBAEB7CA26F75, C4992ACB4BB2BBB7249B52791BF4E5ED67AC854998733A7BBC6CEB3275D6726D ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
10:39:06.0904 0x1464  TPHKLOAD - ok
10:39:06.0920 0x1464  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
10:39:06.0920 0x1464  TPM - ok
10:39:06.0935 0x1464  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwr64v.sys
10:39:06.0935 0x1464  TPPWRIF - ok
10:39:06.0951 0x1464  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
10:39:06.0951 0x1464  TrkWks - ok
10:39:06.0967 0x1464  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
10:39:06.0967 0x1464  TrustedInstaller - ok
10:39:06.0982 0x1464  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
10:39:06.0998 0x1464  TsUsbFlt - ok
10:39:06.0998 0x1464  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
10:39:07.0013 0x1464  TsUsbGD - ok
10:39:07.0013 0x1464  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
10:39:07.0029 0x1464  tunnel - ok
10:39:07.0029 0x1464  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
10:39:07.0045 0x1464  uagp35 - ok
10:39:07.0045 0x1464  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
10:39:07.0060 0x1464  UASPStor - ok
10:39:07.0060 0x1464  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
10:39:07.0076 0x1464  UCX01000 - ok
10:39:07.0076 0x1464  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
10:39:07.0092 0x1464  udfs - ok
10:39:07.0107 0x1464  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
10:39:07.0107 0x1464  UEFI - ok
10:39:07.0123 0x1464  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
10:39:07.0123 0x1464  UI0Detect - ok
10:39:07.0138 0x1464  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
10:39:07.0138 0x1464  uliagpkx - ok
10:39:07.0154 0x1464  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
10:39:07.0154 0x1464  umbus - ok
10:39:07.0170 0x1464  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
10:39:07.0170 0x1464  UmPass - ok
10:39:07.0185 0x1464  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
10:39:07.0201 0x1464  UmRdpService - ok
10:39:07.0201 0x1464  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:39:07.0232 0x1464  upnphost - ok
10:39:07.0232 0x1464  [ 8047D8AFA070A4C3B9FCBDBF77A84C45, D8B47716EE57391E3B9CBE3B35FF1F933F08E40B1C8C12EB5BE2438D9E409FF0 ] usb3Hub         C:\WINDOWS\System32\drivers\usb3Hub.sys
10:39:07.0232 0x1464  usb3Hub - ok
10:39:07.0248 0x1464  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
10:39:07.0248 0x1464  USBAAPL64 - ok
10:39:07.0263 0x1464  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
10:39:07.0263 0x1464  usbccgp - ok
10:39:07.0279 0x1464  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
10:39:07.0279 0x1464  usbcir - ok
10:39:07.0295 0x1464  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
10:39:07.0295 0x1464  usbehci - ok
10:39:07.0310 0x1464  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
10:39:07.0326 0x1464  usbhub - ok
10:39:07.0342 0x1464  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
10:39:07.0373 0x1464  USBHUB3 - ok
10:39:07.0373 0x1464  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
10:39:07.0388 0x1464  usbohci - ok
10:39:07.0388 0x1464  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
10:39:07.0404 0x1464  usbprint - ok
10:39:07.0404 0x1464  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
10:39:07.0420 0x1464  usbscan - ok
10:39:07.0420 0x1464  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
10:39:07.0435 0x1464  USBSTOR - ok
10:39:07.0435 0x1464  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
10:39:07.0451 0x1464  usbuhci - ok
10:39:07.0451 0x1464  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
10:39:07.0467 0x1464  USBXHCI - ok
10:39:07.0482 0x1464  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
10:39:07.0482 0x1464  VaultSvc - ok
10:39:07.0498 0x1464  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
10:39:07.0498 0x1464  vdrvroot - ok
10:39:07.0529 0x1464  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
10:39:07.0560 0x1464  vds - ok
10:39:07.0576 0x1464  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
10:39:07.0576 0x1464  VerifierExt - ok
10:39:07.0592 0x1464  [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
10:39:07.0623 0x1464  vhdmp - ok
10:39:07.0623 0x1464  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
10:39:07.0639 0x1464  viaide - ok
10:39:07.0639 0x1464  [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid             C:\WINDOWS\System32\drivers\Vid.sys
10:39:07.0654 0x1464  Vid - ok
10:39:07.0654 0x1464  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
10:39:07.0670 0x1464  vmbus - ok
10:39:07.0670 0x1464  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
10:39:07.0685 0x1464  VMBusHID - ok
10:39:07.0701 0x1464  [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr          C:\WINDOWS\System32\drivers\vmbusr.sys
10:39:07.0717 0x1464  vmbusr - ok
10:39:07.0732 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
10:39:07.0748 0x1464  vmicguestinterface - ok
10:39:07.0764 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
10:39:07.0779 0x1464  vmicheartbeat - ok
10:39:07.0795 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
10:39:07.0810 0x1464  vmickvpexchange - ok
10:39:07.0810 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
10:39:07.0826 0x1464  vmicrdv - ok
10:39:07.0842 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
10:39:07.0857 0x1464  vmicshutdown - ok
10:39:07.0889 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
10:39:07.0904 0x1464  vmictimesync - ok
10:39:07.0904 0x1464  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
10:39:07.0920 0x1464  vmicvss - ok
10:39:07.0935 0x1464  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
10:39:07.0935 0x1464  volmgr - ok
10:39:07.0951 0x1464  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
10:39:07.0967 0x1464  volmgrx - ok
10:39:07.0982 0x1464  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
10:39:07.0998 0x1464  volsnap - ok
10:39:07.0998 0x1464  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
10:39:08.0014 0x1464  vpci - ok
10:39:08.0014 0x1464  [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp         C:\WINDOWS\System32\drivers\vpcivsp.sys
10:39:08.0029 0x1464  vpcivsp - ok
10:39:08.0029 0x1464  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
10:39:08.0045 0x1464  vsmraid - ok
10:39:08.0076 0x1464  [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS             C:\WINDOWS\system32\vssvc.exe
10:39:08.0107 0x1464  VSS - ok
10:39:08.0123 0x1464  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
10:39:08.0139 0x1464  VSTXRAID - ok
10:39:08.0139 0x1464  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
10:39:08.0154 0x1464  vwifibus - ok
10:39:08.0154 0x1464  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
10:39:08.0170 0x1464  vwififlt - ok
10:39:08.0170 0x1464  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
10:39:08.0170 0x1464  vwifimp - ok
10:39:08.0185 0x1464  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
10:39:08.0201 0x1464  W32Time - ok
10:39:08.0217 0x1464  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
10:39:08.0217 0x1464  WacomPen - ok
10:39:08.0217 0x1464  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:39:08.0233 0x1464  Wanarp - ok
10:39:08.0233 0x1464  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:39:08.0248 0x1464  Wanarpv6 - ok
10:39:08.0279 0x1464  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
10:39:08.0311 0x1464  wbengine - ok
10:39:08.0326 0x1464  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
10:39:08.0342 0x1464  WbioSrvc - ok
10:39:08.0358 0x1464  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
10:39:08.0373 0x1464  Wcmsvc - ok
10:39:08.0389 0x1464  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
10:39:08.0404 0x1464  wcncsvc - ok
10:39:08.0404 0x1464  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
10:39:08.0420 0x1464  WcsPlugInService - ok
10:39:08.0420 0x1464  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
10:39:08.0436 0x1464  WdBoot - ok
10:39:08.0451 0x1464  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
10:39:08.0467 0x1464  Wdf01000 - ok
10:39:08.0483 0x1464  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
10:39:08.0498 0x1464  WdFilter - ok
10:39:08.0498 0x1464  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
10:39:08.0514 0x1464  WdiServiceHost - ok
10:39:08.0514 0x1464  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
10:39:08.0529 0x1464  WdiSystemHost - ok
10:39:08.0529 0x1464  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
10:39:08.0545 0x1464  WdNisDrv - ok
10:39:08.0545 0x1464  WdNisSvc - ok
10:39:08.0561 0x1464  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:39:08.0576 0x1464  WebClient - ok
10:39:08.0576 0x1464  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
10:39:08.0592 0x1464  Wecsvc - ok
10:39:08.0592 0x1464  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
10:39:08.0608 0x1464  WEPHOSTSVC - ok
10:39:08.0608 0x1464  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
10:39:08.0623 0x1464  wercplsupport - ok
10:39:08.0623 0x1464  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
10:39:08.0639 0x1464  WerSvc - ok
10:39:08.0654 0x1464  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
10:39:08.0654 0x1464  WFPLWFS - ok
10:39:08.0654 0x1464  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
10:39:08.0670 0x1464  WiaRpc - ok
10:39:08.0670 0x1464  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
10:39:08.0686 0x1464  WIMMount - ok
10:39:08.0686 0x1464  WinDefend - ok
10:39:08.0701 0x1464  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
10:39:08.0733 0x1464  WinHttpAutoProxySvc - ok
10:39:08.0748 0x1464  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:39:08.0764 0x1464  Winmgmt - ok
10:39:08.0811 0x1464  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
10:39:08.0858 0x1464  WinRM - ok
10:39:08.0873 0x1464  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
10:39:08.0889 0x1464  WinUsb - ok
10:39:08.0920 0x1464  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
10:39:08.0951 0x1464  WlanSvc - ok
10:39:08.0983 0x1464  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
10:39:09.0014 0x1464  wlidsvc - ok
10:39:09.0030 0x1464  [ 810D99C5DB8A44D1E3733B93DAACB65A, 98AFD5FCAB54B4235856A293C106B59C5A093ED102BAE759EC9D03396A5ECA2C ] wmbclass        C:\WINDOWS\System32\drivers\wmbclass.sys
10:39:09.0045 0x1464  wmbclass - ok
10:39:09.0061 0x1464  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
10:39:09.0061 0x1464  WmiAcpi - ok
10:39:09.0076 0x1464  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
10:39:09.0092 0x1464  wmiApSrv - ok
10:39:09.0092 0x1464  WMPNetworkSvc - ok
10:39:09.0092 0x1464  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
10:39:09.0108 0x1464  Wof - ok
10:39:09.0139 0x1464  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
10:39:09.0186 0x1464  workfolderssvc - ok
10:39:09.0186 0x1464  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
10:39:09.0201 0x1464  wpcfltr - ok
10:39:09.0201 0x1464  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
10:39:09.0217 0x1464  WPCSvc - ok
10:39:09.0217 0x1464  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
10:39:09.0233 0x1464  WPDBusEnum - ok
10:39:09.0233 0x1464  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
10:39:09.0248 0x1464  WpdUpFltr - ok
10:39:09.0248 0x1464  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
10:39:09.0264 0x1464  ws2ifsl - ok
10:39:09.0264 0x1464  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
10:39:09.0280 0x1464  wscsvc - ok
10:39:09.0280 0x1464  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
10:39:09.0295 0x1464  WSDPrintDevice - ok
10:39:09.0295 0x1464  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan         C:\WINDOWS\System32\drivers\WSDScan.sys
10:39:09.0295 0x1464  WSDScan - ok
10:39:09.0311 0x1464  WSearch - ok
10:39:09.0373 0x1464  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
10:39:09.0451 0x1464  WSService - ok
10:39:09.0530 0x1464  [ 3F726FF7B1ACC7D5E89940EA5BFF0E61, DF84486870C677B30985005A909CFDF8446BD566F601A295FF29F258E1D1AFF4 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
10:39:09.0608 0x1464  wuauserv - ok
10:39:09.0608 0x1464  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
10:39:09.0623 0x1464  WudfPf - ok
10:39:09.0623 0x1464  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
10:39:09.0639 0x1464  WUDFRd - ok
10:39:09.0639 0x1464  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\System32\drivers\WUDFRd.sys
10:39:09.0655 0x1464  WUDFSensorLP - ok
10:39:09.0655 0x1464  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
10:39:09.0670 0x1464  wudfsvc - ok
10:39:09.0686 0x1464  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
10:39:09.0686 0x1464  WUDFWpdFs - ok
10:39:09.0701 0x1464  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
10:39:09.0701 0x1464  WUDFWpdMtp - ok
10:39:09.0717 0x1464  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
10:39:09.0733 0x1464  WwanSvc - ok
10:39:09.0748 0x1464  [ 24E57041608ED6A9D7FDAD0D9EC214E2, 895A16072F5EFFF57A7DCA21917540726BF816A2746EC47A066AAD363F69E5D7 ] XHCIPort        C:\WINDOWS\System32\drivers\XHCIPort.sys
10:39:09.0748 0x1464  XHCIPort - ok
10:39:09.0826 0x1464  [ 3E7427F3D0AAF5E114BFFE86C9FBAAD2, 5226BE5E7B1873AD0ADC397139160F9A57D8F62C59E12A245EBF28B925DC8A6F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
10:39:09.0889 0x1464  ZeroConfigService - ok
10:39:09.0905 0x1464  ================ Scan global ===============================
10:39:09.0905 0x1464  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
10:39:09.0920 0x1464  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
10:39:09.0920 0x1464  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
10:39:09.0936 0x1464  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
10:39:09.0936 0x1464  [ Global ] - ok
10:39:09.0936 0x1464  ================ Scan MBR ==================================
10:39:09.0936 0x1464  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:39:09.0983 0x1464  \Device\Harddisk0\DR0 - ok
10:39:09.0983 0x1464  ================ Scan VBR ==================================
10:39:09.0983 0x1464  [ 6D50BEE7AD45AAAFACB2770B6E2A1347 ] \Device\Harddisk0\DR0\Partition1
10:39:09.0983 0x1464  \Device\Harddisk0\DR0\Partition1 - ok
10:39:09.0983 0x1464  [ 1539EB2638632604B6BBF1B94288992C ] \Device\Harddisk0\DR0\Partition2
10:39:09.0983 0x1464  \Device\Harddisk0\DR0\Partition2 - ok
10:39:09.0998 0x1464  [ EA3635D56F04A27002F9975BA4924F5C ] \Device\Harddisk0\DR0\Partition3
10:39:09.0998 0x1464  \Device\Harddisk0\DR0\Partition3 - ok
10:39:09.0998 0x1464  [ 8C1A03CA2771678E15C15716C08EDFCB ] \Device\Harddisk0\DR0\Partition4
10:39:09.0998 0x1464  \Device\Harddisk0\DR0\Partition4 - ok
10:39:09.0998 0x1464  [ 18327107E7975A34B70298D53C35595F ] \Device\Harddisk0\DR0\Partition5
10:39:09.0998 0x1464  \Device\Harddisk0\DR0\Partition5 - ok
10:39:09.0998 0x1464  [ EBDCF0C6F01872738F8DF1EE61F95FCB ] \Device\Harddisk0\DR0\Partition6
10:39:09.0998 0x1464  \Device\Harddisk0\DR0\Partition6 - ok
10:39:10.0014 0x1464  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition7
10:39:10.0014 0x1464  \Device\Harddisk0\DR0\Partition7 - ok
10:39:10.0014 0x1464  ================ Scan generic autorun ======================
10:39:10.0233 0x1464  [ 047D94A22B47AF83DDE4E32BB4E06D0A, CB9257995C67A1A44D6D316C36D3AAEF639BFD51A26C699D70FD047C45440CA5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:39:10.0452 0x1464  RTHDVCPL - ok
10:39:10.0483 0x1464  [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:39:10.0514 0x1464  RtHDVBg_Dolby - ok
10:39:10.0530 0x1464  [ 8B989194251C259D9011F2E720197819, 9262D6154AE70638D7D68A9CD4BEFCB5497DBEC1C20994E3311CA3AA8554A77B ] C:\Program Files\Lenovo\HOTKEY\extapsup.exe
10:39:10.0545 0x1464  LenovoOptMouseUpdate - ok
10:39:10.0545 0x1464  [ 43CE4DA94493F5229B461D9F126CB760, 55A8107C211337331EAD9938D9E92CDB54BC30C2B79BC027153BE0A90C1C7464 ] C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe
10:39:10.0561 0x1464  LenovoNal - ok
10:39:10.0592 0x1464  [ 8494A5534A9090FBF964D9EEDB8FB50E, 46D6328ADC05D9E492069F9EDCB4908D7990FB645B2016B963CC0E5D1635E049 ] C:\Program Files\Lenovo\Password Manager\password_manager.exe
10:39:10.0624 0x1464  PasswordManager - ok
10:39:10.0624 0x1464  [ F1166FD33B070CEC1712B4B5924EF6A0, E5F9FF971AE739F4E2CB2FE7A16BFB04C0F232AE306B963259534ECED198530B ] C:\WINDOWS\system32\igfxtray.exe
10:39:10.0639 0x1464  IgfxTray - ok
10:39:10.0655 0x1464  [ 3A0CAE170B40B698B971CD86703A31C9, 750B922113AE745887DE81724E628FBE3B9EF7A9416EC3F871EEE87924DB7E79 ] C:\WINDOWS\system32\hkcmd.exe
10:39:10.0670 0x1464  HotKeysCmds - ok
10:39:10.0686 0x1464  [ 526F012D602DE93D7C438751A301C68D, 94D14709BF911087E2AD6D99E358487C3D8F5504892D011843AF54E70D7B10D7 ] C:\WINDOWS\system32\igfxpers.exe
10:39:10.0717 0x1464  Persistence - ok
10:39:10.0733 0x1464  [ F1A99AFEF8520724573A6DC672FFF45E, C897A8E0DA9DFD325BA1A2103CBD197910B979AB23F9929FDE0A7FA7115A0D50 ] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
10:39:10.0749 0x1464  LnvMobHotspotClient - ok
10:39:10.0780 0x1464  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
10:39:10.0795 0x1464  LMCSSTART1 - ok
10:39:10.0795 0x1464  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
10:39:10.0795 0x1464  LMCSSTART2 - ok
10:39:10.0811 0x1464  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
10:39:10.0811 0x1464  LMCSSTART3 - ok
10:39:10.0811 0x1464  SynTPEnh - ok
10:39:10.0811 0x1464  [ 9CBEE48C8C5BB8BEED9F68D6FE66C3C5, CE52DC224F12FA71E399127590C9C417A7FC6D8E58B7D3FF0175DC4AAF52F3ED ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
10:39:10.0827 0x1464  IMSS - ok
10:39:10.0858 0x1464  [ 040E1896190EA93D1B4DE31AC7B8F216, EA144E0ED16887498623BA67F7209FC1A58195B077A832250B27AF0C6B9D043D ] C:\Program Files (x86)\Integrated Camera\monitor.exe
10:39:10.0889 0x1464  Integrated Camera_Monitor - ok
10:39:10.0889 0x1464  [ 49CD8D25D932C5BF867EBFF00D432B75, D107F7736AC8D43CE93ABDE1A8038D8FE87779F25F41B3FD1E942DF439581236 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
10:39:10.0905 0x1464  Intel AppUp(R) center - ok
10:39:10.0905 0x1464  [ 35048D8E8A0BF7A797CD5757ACD7EED0, 890FCF24869614B3990B575A588ECB35C25A5B896F21BF9C66D43C93787FDD7A ] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
10:39:10.0920 0x1464  CLMLServer - ok
10:39:10.0920 0x1464  [ 99ECAF298145F950B1326656167FBFDF, 77573FE19E2C16AB6D7DD3B689D5E926A86793491D6915E76999BA19A35265EA ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
10:39:10.0920 0x1464  RemoteControl10 - ok
10:39:10.0936 0x1464  [ 7A976D2AD5BA306D5E9B56CC15D71E2F, 6C283F81F52F0977C11C67CEB36951D670C3840AD5E2F1211A6DF8A252E49C3B ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
10:39:10.0936 0x1464  BDRegion - ok
10:39:10.0952 0x1464  [ 234A97B6DDEB046CA8AFAACD4D0CFC10, D68014B613D3637AC68A3F322424EA5700FF8EB63B6A6481F3BDCC1BD24D7233 ] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
10:39:10.0952 0x1464  UpdatePPShortCut - ok
10:39:10.0967 0x1464  [ 3B350B20FDF218B6F52AE76F7F954C6C, 9DE0EA7C081D3189C1EBB7C3D5E6545845B13D914AA1BC303A6CB67D2608FF43 ] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
10:39:10.0983 0x1464  InstantBurn - ok
10:39:10.0999 0x1464  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
10:39:10.0999 0x1464  SunJavaUpdateSched - ok
10:39:11.0014 0x1464  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
10:39:11.0014 0x1464  iTunesHelper - ok
10:39:11.0014 0x1464  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
10:39:11.0030 0x1464  HP Software Update - ok
10:39:11.0030 0x1464  Waiting for KSN requests completion. In queue: 176
10:39:12.0046 0x1464  Waiting for KSN requests completion. In queue: 176
10:39:13.0061 0x1464  Waiting for KSN requests completion. In queue: 176
10:39:14.0108 0x1464  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
10:39:14.0108 0x1464  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x41000 ( enabled : updated )
10:39:14.0124 0x1464  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x41010 ( enabled )
10:39:16.0499 0x1464  ============================================================
10:39:16.0499 0x1464  Scan finished
10:39:16.0499 0x1464  ============================================================
10:39:16.0515 0x24cc  Detected object count: 0
10:39:16.0515 0x24cc  Actual detected object count: 0
10:40:50.0336 0x14d8  Deinitialize success
         

Alt 07.10.2015, 19:10   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.10.2015, 20:35   #6
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 07.10.2015
Suchlaufzeit: 19:31
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.10.07.05
Rootkit-Datenbank: v2015.10.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Christoph

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 530583
Abgelaufene Zeit: 7 Min., 47 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Vonteera, C:\Users\Christoph\AppData\Roaming\Convertor\Convertor.exe, 7688, Löschen bei Neustart, [1d04a9ab8605bd7932cb7c0128ddfa06]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 20
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [829f4a0abecd50e645f4cf2d867ccd33], 
PUP.Software.Updater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AmiUpdXp, Löschen bei Neustart, [e53c163edbb0072f18e9fce3d2329070], 
PUP.Optional.Convertor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Convertor, Löschen bei Neustart, [ff22dd77642789aded9069db9d669e62], 
PUP.Optional.WinKit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinKit, Löschen bei Neustart, [26fb66eeee9dbd79421d6dd7c1422ad6], 
PUP.Optional.Winsta, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Winsta Update, Löschen bei Neustart, [32ef58fcf398f4423f219ba9798a33cd], 
PUP.Optional.Qone8.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\qone8Software, In Quarantäne, [8a97d87ca5e63cfa74742054749039c7], 
PUP.Optional.WindowsProtectManger, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, In Quarantäne, [80a13024dead6acccd4f68727d874db3], 
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\WebexpEnhancedV1, In Quarantäne, [130ef95b8efd989efc84a2365ea6f10f], 
PUP.Optional.QuickStart, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [9f82381ce8a3f73fa1a74e78f80c12ee], 
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\EBKJOEJLIMAFGHKDFNNNFMMCEJBJKKDA, In Quarantäne, [a08157fdbecd1f17ed9131a707fd9b65], 
PUP.Optional.VideoPlayer, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\LJKGEGFNBPMFAAIANAIKMLKCAHKJPGLC, In Quarantäne, [9a87a1b3abe09f97abfce2f41de74eb2], 
PUP.Optional.Widdit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}, In Quarantäne, [25fc8bc9c1cad363a8183d9ca46023dd], 
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, In Quarantäne, [0e135cf8513a7eb839b03a0a8a79ba46], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\InstallCore, In Quarantäne, [d24f82d2d0bbe3536d2bc2f2f113e51b], 
PUP.Optional.ReMarkIt, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [36eb0a4a2e5dfa3cf85b1cabed1736ca], 
PUP.Optional.Conduit, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [75ace1733a51f04684365051699bf50b], 
PUP.Optional.Widdit, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}, In Quarantäne, [d849c391820962d43a834d8cc3418b75], 
PUP.Optional.Qone8.ShrtCln, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [5dc45df773181f17135d43a2e222817f], 
PUP.Optional.FastStart, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [e93894c0662595a1852459528a7a0ff1], 
PUP.Optional.Widdit, HKU\S-1-5-21-1132157785-3674912610-306245377-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}, In Quarantäne, [b36ed77de5a6ef47fac34990699b7b85], 

Registrierungswerte: 11
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ebkjoejlimafghkdfnnnfmmcejbjkkda|path, C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha844\ch\WebexpEnhancedV1alpha844.crx, In Quarantäne, [a08157fdbecd1f17ed9131a707fd9b65]
PUP.Optional.VideoPlayer, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ljkgegfnbpmfaaianaikmlkcahkjpglc|path, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ch\VideoPlayerV3beta21.crx, In Quarantäne, [9a87a1b3abe09f97abfce2f41de74eb2]
PUP.Optional.Widdit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=75087&gid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&dbCode=1&command={searchTerms}, In Quarantäne, [25fc8bc9c1cad363a8183d9ca46023dd]
PUP.Optional.CertifiedToolBar.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385303445756&tguid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&q=%s, In Quarantäne, [ac75b69e9cef71c5a037f166e3200ff1]
PUP.Optional.VideoPlayer, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta21.net, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff, In Quarantäne, [3fe274e0d3b8082e8b1d706627ddbf41]
PUP.Optional.FastStart, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7rou3qih.default\extensions\faststartff@gmail.com, In Quarantäne, [978a3024137853e3208af0bb2fd5a65a]
PUP.Optional.Conduit, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.bing.com/search?pc=COSP&ptag=D100615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}, In Quarantäne, [75ace1733a51f04684365051699bf50b]
PUP.Optional.Widdit, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=75087&gid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&dbCode=1&command={searchTerms}, In Quarantäne, [d849c391820962d43a834d8cc3418b75]
PUP.Optional.Qone8.ShrtCln, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.qone8.com/web/?type=ds&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C&q={searchTerms}, In Quarantäne, [5dc45df773181f17135d43a2e222817f]
PUP.Optional.FastStart, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [e93894c0662595a1852459528a7a0ff1]
PUP.Optional.Widdit, HKU\S-1-5-21-1132157785-3674912610-306245377-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D1B8CBC9-4664-448E-87D4-D3AF948AAB46}|SuggestionsURL_JSON, hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=75087&gid=75087-8679-1385303445756-B03A5A3A3B35E8BEC5132D44B68EF377&dbCode=1&command={searchTerms}, In Quarantäne, [b36ed77de5a6ef47fac34990699b7b85]

Registrierungsdaten: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C),Ersetzt,[4bd6252f93f8290d7c240c7d4db8ef11]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ec352c28fd8e1e186b367712d431f20e]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1402228412&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C),Ersetzt,[2bf6c3915d2ecc6a8d13f594be47d62a]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e33ea6aefe8d56e0e3be0c7d6f966b95]
PUP.Optional.Conduit, HKU\S-1-5-21-1132157785-3674912610-306245377-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470, Gut: (www.google.com), Schlecht: (hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470),Ersetzt,[3ce593c1028938fedc70fd8e798c39c7]

Ordner: 19
PUP.Optional.Convert, C:\Users\Christoph\AppData\Roaming\Convertor, Löschen bei Neustart, [37eacd8799f2290d0a602b63c93b43bd], 
PUP.Optional.Convert, C:\Users\Christoph\AppData\Roaming\PDFConvert, In Quarantäne, [35ecb2a2c1ca23134327bed0b252ed13], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\ProductivityBoss_e5, Löschen bei Neustart, [eb36b59f3259ac8a273cf8c29a6a60a0], 
PUP.Optional.Winsta, C:\Users\Christoph\AppData\Roaming\Winsta\bin, In Quarantäne, [a77a371d7417003674f0d3155ba9b749], 
PUP.Optional.Winsta, C:\Users\Christoph\AppData\Roaming\Winsta, In Quarantäne, [a77a371d7417003674f0d3155ba9b749], 
PUP.Optional.OpenCandy, C:\Users\Christoph\AppData\Roaming\OpenCandy, In Quarantäne, [0a1773e1fc8f270fc7062ae2aa59ce32], 
PUP.Optional.OpenCandy, C:\Users\Christoph\AppData\Roaming\OpenCandy\00FA85C579B346FE87C2305A0448F659, In Quarantäne, [0a1773e1fc8f270fc7062ae2aa59ce32], 
PUP.Optional.OpenCandy, C:\Users\Christoph\AppData\Roaming\OpenCandy\3DC1FD2F7BE5470580E9150AC89286EF, In Quarantäne, [0a1773e1fc8f270fc7062ae2aa59ce32], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [002178dc8803ae88bbfe6ea6b15233cd], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer, In Quarantäne, [89980c48a0eb4ee864037bae33d0a957], 
PUP.Optional.LolliScan, C:\ProgramData\LolliScan, In Quarantäne, [ad7475df721996a0f6c25fcdf80b3dc3], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\LocalLow\Allin1Convert_8hEI, In Quarantäne, [59c82f25f59673c38e12f03f70936e92], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\LocalLow\Allin1Convert_8hEI\Installr, In Quarantäne, [59c82f25f59673c38e12f03f70936e92], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\LocalLow\Allin1Convert_8hEI\Installr\Cache, In Quarantäne, [59c82f25f59673c38e12f03f70936e92], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\chrome, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\META-INF, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\plugins, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 

Dateien: 45
PUP.Optional.Vonteera, C:\Users\Christoph\AppData\Roaming\Convertor\Convertor.exe, Löschen bei Neustart, [1d04a9ab8605bd7932cb7c0128ddfa06], 
PUP.Optional.Vonteera, C:\Users\Christoph\AppData\Roaming\PDFConvert\SWUpdate.exe, In Quarantäne, [e73a58fc216a6bcba459017c5ea7cc34], 
PUP.Optional.Vonteera, C:\Users\Christoph\AppData\Roaming\Winsta\bin\Winsta.exe, In Quarantäne, [b76a0a4accbf53e39f5ea2dbab5ae51b], 
PUP.Optional.OpenCandy, C:\Users\Christoph\Downloads\SetupImgBurn_2.5.8.0.exe, In Quarantäne, [47da292bb8d342f448ba7e3319ec43bd], 
PUP.Optional.Qone8.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml, In Quarantäne, [d0518aca117a300660874d27fb09847c], 
PUP.Optional.Convert, C:\Users\Christoph\AppData\Roaming\Convertor\tosty.dat, In Quarantäne, [37eacd8799f2290d0a602b63c93b43bd], 
PUP.Optional.Convert, C:\Users\Christoph\AppData\Roaming\PDFConvert\tosty.dat, In Quarantäne, [35ecb2a2c1ca23134327bed0b252ed13], 
PUP.Optional.WinKit, C:\Windows\System32\Tasks\WinKit, In Quarantäne, [ec351440315aab8b58137b13e71d20e0], 
PUP.Optional.Winsta, C:\Windows\System32\Tasks\Winsta Update, In Quarantäne, [ae7391c3cac1e056ed7f90fe659fc23e], 
PUP.Optional.Convertor, C:\Windows\System32\Tasks\Convertor, In Quarantäne, [74ad22325635e155a0c0d3bd21e3b64a], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\ProductivityBoss_e5\13BCADA9-54E6-4CD8-8BED-ABDD27EDAB1F.sqlite, Löschen bei Neustart, [eb36b59f3259ac8a273cf8c29a6a60a0], 
PUP.Optional.QuickStart, C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [879aa3b1701b8fa7fd4764621de7827e], 
PUP.Optional.Winsta, C:\Users\Christoph\AppData\Roaming\Winsta\bin\tosty.dat, In Quarantäne, [a77a371d7417003674f0d3155ba9b749], 
PUP.Optional.OpenCandy, C:\Users\Christoph\AppData\Roaming\OpenCandy\00FA85C579B346FE87C2305A0448F659\TUU2014-DE-15days-AID1006184.exe, In Quarantäne, [0a1773e1fc8f270fc7062ae2aa59ce32], 
PUP.Optional.OpenCandy, C:\Users\Christoph\AppData\Roaming\OpenCandy\3DC1FD2F7BE5470580E9150AC89286EF\WcInstaller.exe, In Quarantäne, [0a1773e1fc8f270fc7062ae2aa59ce32], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avcodec-54.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avdevice-54.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avformat-54.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avutil-51.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\GuPlayer.exe, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\libfreetype-6.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\libpng15-15.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\postproc-52.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL_image.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL_ttf.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\swresample-0.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\swscale-2.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\Uninstaller.exe, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\zlib1.dll, In Quarantäne, [140dd381e2a90432a8bda683847fb24e], 
PUP.Optional.GUPlayer, C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\GUPlayer.lnk, In Quarantäne, [89980c48a0eb4ee864037bae33d0a957], 
PUP.Optional.GUPlayer, C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\Uninstall GUPlayer.lnk, In Quarantäne, [89980c48a0eb4ee864037bae33d0a957], 
PUP.Optional.LolliScan, C:\ProgramData\LolliScan\RfndNSIS.dll, In Quarantäne, [ad7475df721996a0f6c25fcdf80b3dc3], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\LocalLow\Allin1Convert_8hEI\Installr\Cache\files.ini, In Quarantäne, [59c82f25f59673c38e12f03f70936e92], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\install.rdf, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\bootstrap.js, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\chrome.manifest, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\install_old.rdf, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\chrome\e5ffxtbr.jar, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\META-INF\manifest.mf, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\META-INF\zigbert.rsa, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\META-INF\zigbert.sf, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.MindSpark, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\extensions\e5ffxtbr@www.productivityboss.com\plugins\NativeMessagingDispatcher.dll, In Quarantäne, [b46de4707d0ec670c9fa3591bf46fb05], 
PUP.Optional.Conduit, C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470");), Ersetzt,[4dd4f361b6d588ae7697efd4699c758b]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Adw Cleaner

Code:
ATTFilter
# AdwCleaner v5.011 - Bericht erstellt am 07/10/2015 um 20:21:24
# Aktualisiert am 07/10/2015 von Xplode
# Datenbank : 2015-10-07.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : Christoph - LENOVO-CPC
# Gestartet von : C:\Users\Christoph\Downloads\AdwCleaner_5.011.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
[-] Ordner Gelöscht : C:\Program Files (x86)\Cain
[-] Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerV1
[-] Ordner Gelöscht : C:\Program Files (x86)\VideoPlayerV3
[-] Ordner Gelöscht : C:\ProgramData\apn
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
[-] Ordner Gelöscht : C:\Users\Christoph\Documents\PC Speed Maximizer

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\searchplugins\bing-lavasoft.xml

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\SecuredDownload
[-] Schlüssel Gelöscht : HKCU\Software\cain
[-] Schlüssel Gelöscht : HKCU\Software\PDFConvert
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Webexp Enhanced
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Video Player
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\VideoPlayerV3
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\SecuredDownload
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\cain
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\PDFConvert
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Internetbrowser ] *****

[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D100615-A166D148A50&form=CONMHP&conlogo=CT3334470");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14b881b3c999-0ecb03a2807ce88-46544336-0-14b881b3c9a15e\"");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1425294323");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"d3f19eafc8fbf70332944098272d44798f5a5c89\"");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5850352025");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"2b0917f0eb001780e09e8eaeec611fbe87c83eeb\"");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.install", "1423917661349");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.BUTTON_STRUCTURE", "[{\"b\":224509940,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224509941,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.browser.version.last", "41.0");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.firstKnownVersion", "7.18.8.3921");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=13BCADA9-54E6-4CD8-8BED-ABDD27EDAB1F&n=781bff28&p2=^BYM^xdm012^YYA^de");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.initialized", true);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installKeysSource", "LocalStorage");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installType", "XPI");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.contextKey", "");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.dlpCountryCode", "DE");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.installDate", "2015100712");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.partnerId", "^BYM^xdm012^YYA^de");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.partnerSubId", "");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.pixelUrl", "hxxp://www.productivityboss.com/install_pixels.jhtml?partner=^BYM^xdm012^YYA^de&coId=09dd7e706fa34d26a110cc5bc1faaa04&tbGui[...]
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.success", true);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.installation.toolbarId", "13BCADA9-54E6-4CD8-8BED-ABDD27EDAB1F");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.lastActivePing", "1444228729028");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.lastKnownVersion", "7.18.8.3921");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.options.defaultSearch", false);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.options.homePageEnabled", false);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.options.keywordEnabled", false);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.options.tabEnabled", false);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.partnerPixelFired", true);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.successUrl", "hxxp://www.productivityboss.com/installComplete.jhtml");
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark._e5Members_.toolbarCollapsed", true);
[-] [C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\prefs.js] [Preference] Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "productivityboss@mindspark.com");
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : trovi.search
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : qone8
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://start.qone8.com/?type=hppp&ts=1402333406&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : dcpfhaghaadpjpgocojgnlhjcieeooel
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : mkcedibhemacmilmkpndpkoidlnmgngg
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : pelmeidfhdlhlbjimpabfcbnnojbboma
[-] [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gelöscht : hxxp://start.qone8.com/?type=hppp&ts=1402333406&from=adks&uid=INTELXSSDSCMMW240A3L_CVCS317202ZG240C

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [12064 Bytes] ##########
         
JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 Pro x64
Ran by Christoph on 07.10.2015 at 20:29:21,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\lmo0dwwe.default-1402230208753\prefs.js

user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\zoom-controls\,\new-window-button\,\privatebrowsing-button\,\save-



~~~ Chrome


[C:\Users\Christoph\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Christoph\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
pelmeidfhdlhlbjimpabfcbnnojbboma

[C:\Users\Christoph\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Christoph\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.10.2015 at 20:33:33,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 08.10.2015, 20:12   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.10.2015, 23:28   #8
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=92ca5518a3ea9f49b401905a9dfa105a
# end=init
# utc_time=2015-10-08 08:19:51
# local_time=2015-10-08 10:19:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26147
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=92ca5518a3ea9f49b401905a9dfa105a
# end=updated
# utc_time=2015-10-08 08:25:19
# local_time=2015-10-08 10:25:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=92ca5518a3ea9f49b401905a9dfa105a
# engine=26147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-08 09:08:44
# local_time=2015-10-08 11:08:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 41756 71913754 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4340260 21819656 0 0
# scanned=388385
# found=2
# cleaned=0
# scan_time=2604
sh=FEA991EE338F743FA9C5216053966ECB504F39D6 ft=1 fh=a0f99a88c0d832be vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe"
sh=16C0AABDA781E793A412F313CF74614BF5A5A598 ft=1 fh=e03a054ae78bd9f3 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\dffsetup-itunesmobiledevice.exe"
         
SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender              
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	19.0.0.185  
 Adobe Reader XI  
 Mozilla Firefox (41.0.1) 
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.99) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 x64 wmi64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST

Code:
ATTFilter
==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
() C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo Corporation) C:\Windows\SysWOW64\lmcfrundll.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [19960 2013-10-18] (Lenovo)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937968 2014-08-12] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916592 2014-07-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719456 2013-12-10] (SunplusIT, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [23416869 2014-12-18] ()
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2014-11-06] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-31]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-02-19]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F64165AB-2A4B-4C4A-B0DE-3387DEFA4101}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1132157785-3674912610-306245377-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1132157785-3674912610-306245377-1001 -> DefaultScope {D1B8CBC9-4664-448E-87D4-D3AF948AAB46} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-02] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-02] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753
FF SelectedSearchEngine: Bing®
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-02] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1132157785-3674912610-306245377-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-12-14] (Intel)
FF Plugin HKU\S-1-5-21-1132157785-3674912610-306245377-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-12-14] (Intel)
FF Extension: OkayFreedom - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\lmo0dwwe.default-1402230208753\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-25]
FF HKU\S-1-5-21-1132157785-3674912610-306245377-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-03-26]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-13]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-13]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-13]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-13]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 BitKinex; C:\Program Files (x86)\BitKinex\bitkinexsvc.exe [32944 2010-07-12] ()
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2012-04-02] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-14] (Lenovo.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21496 2013-10-18] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474608 2014-08-12] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-06] () [Datei ist nicht signiert]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS2A65\hpslpsvc64.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-08-24] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [817848 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MbmLowExt; C:\Windows\System32\Drivers\MbmLowExt.sys [26112 2012-10-30] (Ericsson AB)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [72704 2012-07-03] (Ericsson AB)
R3 MkBusFilter; C:\Windows\System32\drivers\MbmDeviceFilter.sys [25600 2012-10-22] (Ericsson AB)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (CACE Technologies)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1514144 2013-12-10] (Sunplus)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-08 23:25 - 2015-10-08 23:26 - 00033950 _____ C:\Users\Christoph\Downloads\FRST.txt
2015-10-08 23:25 - 2015-10-08 23:25 - 00000000 ____D C:\Users\Christoph\Downloads\FRST-OlderVersion
2015-10-08 23:18 - 2015-10-08 23:18 - 00852720 _____ C:\Users\Christoph\Downloads\SecurityCheck.exe
2015-10-08 22:17 - 2015-10-08 22:18 - 02870984 _____ (ESET) C:\Users\Christoph\Downloads\esetsmartinstaller_deu.exe
2015-10-08 11:34 - 2015-10-08 11:34 - 00002357 _____ C:\Users\Administrator\Desktop\Sicherer Zahlungsverkehr.lnk
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ___RD C:\Users\Administrator\SkyDrive
2015-10-08 11:34 - 2015-10-08 11:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-10-08 11:32 - 2015-10-08 11:32 - 00000000 ____D C:\Users\Gast\AppData\Roaming\WebApp
2015-10-08 10:44 - 2015-10-08 10:44 - 00000000 ____D C:\Users\Gast\AppData\Roaming\LSC
2015-10-08 10:37 - 2015-10-08 10:37 - 00000000 ____D C:\Users\Gast\Documents\CyberLink
2015-10-08 10:37 - 2015-10-08 10:37 - 00000000 ____D C:\Users\Gast\AppData\Roaming\CyberLink
2015-10-08 10:37 - 2015-10-08 10:37 - 00000000 ____D C:\Users\Gast\AppData\Local\Cyberlink
2015-10-08 10:34 - 2015-10-08 10:34 - 00002357 _____ C:\Users\Gast\Desktop\Sicherer Zahlungsverkehr.lnk
2015-10-08 10:33 - 2015-10-08 10:33 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2015-10-07 20:33 - 2015-10-07 20:33 - 00001435 _____ C:\Users\Christoph\Desktop\JRT.txt
2015-10-07 20:28 - 2015-10-07 20:28 - 01798976 _____ (Malwarebytes) C:\Users\Christoph\Downloads\JRT.exe
2015-10-07 19:47 - 2015-10-07 19:47 - 01681920 _____ C:\Users\Christoph\Downloads\AdwCleaner_5.011.exe
2015-10-07 19:47 - 2015-10-07 19:47 - 01681920 _____ C:\Users\Christoph\Downloads\AdwCleaner_5.011(1).exe
2015-10-07 19:43 - 2015-10-07 19:43 - 00019840 _____ C:\Users\Christoph\Desktop\mbam.txt
2015-10-07 19:29 - 2015-10-07 19:40 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-07 19:29 - 2015-10-07 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-07 19:29 - 2015-10-07 19:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-10-07 19:29 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-07 19:29 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-07 19:28 - 2015-10-07 19:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 10:36 - 2015-10-07 10:36 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Christoph\Downloads\tdsskiller.exe
2015-10-07 09:55 - 2015-10-08 23:24 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-07 09:55 - 2015-10-07 10:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-07 09:53 - 2015-10-07 10:28 - 00000000 ____D C:\Users\Christoph\Desktop\mbar
2015-10-07 09:53 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-07 09:52 - 2015-10-07 09:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Christoph\Downloads\mbar-1.09.3.1001.exe
2015-10-07 00:36 - 2015-10-07 00:36 - 00049042 _____ C:\Users\Christoph\Desktop\Addition.txt
2015-10-07 00:35 - 2015-10-08 23:26 - 00000000 ____D C:\FRST
2015-10-07 00:35 - 2015-10-07 00:36 - 00058666 _____ C:\Users\Christoph\Desktop\FRST.txt
2015-10-07 00:34 - 2015-10-08 23:25 - 02194944 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2015-10-06 23:46 - 2015-10-08 23:23 - 00028834 _____ C:\WINDOWS\PFRO.log
2015-10-06 23:46 - 2015-10-08 23:23 - 00001808 _____ C:\WINDOWS\setupact.log
2015-10-06 23:46 - 2015-10-06 23:46 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-06 21:54 - 2015-10-06 21:54 - 00003206 _____ C:\WINDOWS\System32\Tasks\{DE396901-1936-4584-BDF0-C738D063512F}
2015-10-06 21:36 - 2015-10-06 21:37 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-06 21:36 - 2015-10-06 21:36 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\TuneUp Software
2015-10-06 21:36 - 2015-10-06 21:36 - 00000000 ____D C:\Users\Christoph\AppData\Local\TuneUp Software
2015-10-06 21:35 - 2015-10-06 21:35 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-10-06 21:35 - 2015-10-06 21:35 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-10-06 21:35 - 2015-10-06 21:35 - 00002864 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-06 21:35 - 2015-10-06 21:35 - 00002864 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-10-06 21:32 - 2015-10-06 21:32 - 01457952 _____ C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe
2015-10-06 21:14 - 2015-10-06 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-06 20:23 - 2015-10-07 19:40 - 00001096 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-10-06 20:23 - 2015-10-07 19:40 - 00001076 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-10-06 20:23 - 2015-10-06 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-10-06 20:02 - 2015-10-06 20:09 - 277444608 _____ C:\Users\Christoph\Downloads\kav_rescue_10.iso
2015-09-11 09:59 - 2015-09-11 10:01 - 00000000 ____D C:\Users\Christoph\Desktop\Privat
2015-09-11 09:57 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Budni
2015-09-11 09:57 - 2015-09-11 09:57 - 00000000 ____D C:\Users\Christoph\Desktop\Hobby
2015-09-11 09:56 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Steuer
2015-09-11 09:55 - 2015-09-11 09:58 - 00000000 ____D C:\Users\Christoph\Desktop\Games
2015-09-09 19:27 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 19:27 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 19:27 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 19:27 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 19:27 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 19:27 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 19:27 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 19:27 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 19:27 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 19:27 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-09 19:27 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 19:27 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 19:27 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 19:27 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 19:27 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 15:11 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 15:11 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 15:11 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 15:11 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 15:11 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 15:11 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 15:11 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 15:11 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 15:10 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 15:10 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 15:10 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 15:10 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 15:10 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 15:10 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 15:10 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 15:10 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 15:10 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 15:10 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 15:10 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 15:10 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 15:10 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 15:10 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 15:10 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 15:10 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 15:10 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 15:10 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 15:10 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 15:10 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 15:10 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 15:10 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 15:10 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 15:10 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 15:10 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 15:10 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 15:10 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 15:10 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 15:10 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 15:10 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 15:10 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 15:10 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 15:10 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 15:10 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 15:10 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 15:10 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 15:10 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 15:10 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 15:10 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 15:10 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 15:10 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 15:10 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 15:10 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 15:10 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 15:10 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 15:10 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 15:10 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 15:10 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 15:10 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 15:10 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 15:10 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-08 23:24 - 2014-07-09 18:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-08 23:24 - 2013-11-01 18:18 - 00000000 __RDO C:\Users\Christoph\SkyDrive
2015-10-08 23:24 - 2013-10-13 21:03 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-08 23:23 - 2013-11-01 18:11 - 01865607 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-08 23:23 - 2013-11-01 18:06 - 00000000 ____D C:\Users\Christoph
2015-10-08 23:23 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-08 23:23 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-08 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-08 22:36 - 2013-09-03 17:36 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-08 22:29 - 2013-10-13 21:03 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-08 22:19 - 2014-01-20 14:08 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5C287A0-2A63-46ED-9003-130861709F8C}
2015-10-08 11:44 - 2013-05-31 01:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-08 11:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-08 11:40 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-08 11:40 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-08 11:40 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-08 11:34 - 2014-03-04 19:32 - 00000000 ____D C:\Users\Administrator
2015-10-08 10:37 - 2013-10-25 19:33 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-07 20:31 - 2015-04-08 13:23 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-07 20:21 - 2014-02-06 15:22 - 00000000 ____D C:\AdwCleaner
2015-10-07 19:52 - 2013-09-03 17:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1132157785-3674912610-306245377-1001
2015-10-07 19:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2015-10-07 19:40 - 2015-08-07 11:12 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-07 19:40 - 2015-04-03 21:58 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® WiFi HotSpot Assistant.lnk
2015-10-07 19:40 - 2015-02-25 12:22 - 00002331 _____ C:\Users\Christoph\Desktop\Sicherer Zahlungsverkehr.lnk
2015-10-07 19:40 - 2015-02-25 12:21 - 00002305 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-10-07 19:40 - 2015-02-23 13:23 - 00001030 _____ C:\Users\Christoph\Desktop\ownCloud.lnk
2015-10-07 19:40 - 2015-02-23 13:23 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2015-10-07 19:40 - 2014-12-05 13:19 - 00002148 _____ C:\Users\Public\Desktop\devolo dLAN Cockpit.lnk
2015-10-07 19:40 - 2014-11-13 09:40 - 00002012 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-10-07 19:40 - 2014-07-09 18:29 - 00001301 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2015-10-07 19:40 - 2014-07-09 18:29 - 00001234 _____ C:\Users\Christoph\Desktop\Kaspersky Security Scan.lnk
2015-10-07 19:40 - 2014-06-29 13:48 - 00001311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-10-07 19:40 - 2014-06-29 13:48 - 00001305 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-10-07 19:40 - 2014-06-08 10:55 - 00001800 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-07 19:40 - 2014-06-08 10:45 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-07 19:40 - 2014-06-08 09:58 - 00000665 _____ C:\Users\Christoph\Desktop\Total Commander 64 bit.lnk
2015-10-07 19:40 - 2014-06-08 09:58 - 00000651 _____ C:\Users\Christoph\Desktop\Total Commander.lnk
2015-10-07 19:40 - 2014-05-15 20:16 - 00002231 _____ C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2015-10-07 19:40 - 2014-05-15 20:16 - 00001205 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6500 E710n-z.lnk
2015-10-07 19:40 - 2014-05-15 20:03 - 00002029 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-10-07 19:40 - 2014-04-27 14:33 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-07 19:40 - 2014-04-27 14:33 - 00002044 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-10-07 19:40 - 2014-02-04 21:59 - 00001189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-10-07 19:40 - 2014-02-04 21:59 - 00001183 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-10-07 19:40 - 2014-01-21 00:28 - 00001388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-10-07 19:40 - 2014-01-21 00:28 - 00001376 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-10-07 19:40 - 2014-01-21 00:28 - 00000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-10-07 19:40 - 2014-01-20 14:09 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-07 19:40 - 2014-01-20 14:09 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-07 19:40 - 2013-12-29 21:38 - 00000706 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2015-10-07 19:40 - 2013-12-23 14:18 - 00002237 _____ C:\Users\Public\Desktop\Google Earth.lnk
2015-10-07 19:40 - 2013-11-01 18:17 - 00001461 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-07 19:40 - 2013-11-01 18:08 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-07 19:40 - 2013-10-25 19:58 - 00002027 _____ C:\Users\Public\Desktop\CyberLink Media Suite.lnk
2015-10-07 19:40 - 2013-10-13 21:04 - 00002200 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 19:40 - 2013-09-03 17:19 - 00001745 _____ C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LenovoToast.lnk
2015-10-07 19:40 - 2013-05-31 01:59 - 00002021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2015-10-07 19:40 - 2013-05-31 01:56 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2015-10-07 19:40 - 2013-05-31 01:55 - 00001961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Cloud Storage by SugarSync.lnk
2015-10-07 19:29 - 2014-02-06 13:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-07 10:09 - 2015-04-08 13:23 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-07 10:09 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-07 00:30 - 2014-07-15 15:03 - 00000000 ____D C:\Program Files\Sweet Home 3D
2015-10-07 00:29 - 2013-09-03 23:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-07 00:08 - 2015-06-24 11:04 - 00003556 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-10-06 23:46 - 2014-01-20 14:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-06 23:44 - 2013-05-31 11:33 - 00000000 ____D C:\ProgramData\Lenovo
2015-10-06 23:43 - 2013-10-21 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-06 23:43 - 2013-05-31 01:55 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-10-06 23:43 - 2013-05-31 01:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2015-10-06 23:43 - 2013-05-31 01:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-06 23:41 - 2015-05-10 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-06 20:23 - 2014-06-01 22:23 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-10-06 20:18 - 2014-12-13 19:21 - 00817848 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-06 20:18 - 2014-11-10 18:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-10-06 20:18 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-29 15:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-28 18:16 - 2013-09-13 15:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 19:36 - 2013-09-03 17:36 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-22 10:28 - 2013-09-03 17:20 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Nitro PDF
2015-09-21 15:24 - 2013-10-13 21:03 - 00004112 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-21 15:24 - 2013-10-13 21:03 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-19 12:36 - 2015-08-07 11:12 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Skype
2015-09-15 11:11 - 2015-06-24 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-15 11:11 - 2015-06-24 10:54 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 11:11 - 2014-12-09 14:28 - 00000000 ____D C:\Users\Christoph\AppData\Local\ownCloud
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 20:43 - 2013-08-22 16:44 - 00493144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-14 20:42 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-14 20:41 - 2013-09-03 17:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-11 10:03 - 2015-06-04 08:37 - 00000000 ____D C:\Users\Christoph\Desktop\Jagd Polen 2015
2015-09-11 09:55 - 2014-03-26 12:49 - 00000000 ____D C:\Users\Christoph\Desktop\Lexi
2015-09-11 09:53 - 2014-11-02 15:38 - 00000000 ____D C:\Users\Christoph\Desktop\HS21
2015-09-10 18:20 - 2013-09-03 17:19 - 00000000 ____D C:\Users\Christoph\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-09-03 17:20 - 2013-12-13 12:42 - 0012405 _____ () C:\Users\Christoph\AppData\Roaming\AbsoluteReminder.xml
2014-01-20 15:03 - 2014-07-10 00:36 - 0120050 _____ () C:\Users\Christoph\AppData\Local\ars.cache
2014-01-20 15:04 - 2014-07-10 00:36 - 0503993 _____ () C:\Users\Christoph\AppData\Local\census.cache
2014-01-20 14:35 - 2014-01-20 14:35 - 0000036 _____ () C:\Users\Christoph\AppData\Local\housecall.guid.cache
2013-09-06 19:04 - 2014-06-06 16:35 - 0000466 _____ () C:\Users\Christoph\AppData\Local\RegisteredPackageInformation.xml
2013-09-10 13:27 - 2013-09-10 13:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-05-31 01:49 - 2013-05-31 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-21 00:26 - 2014-01-27 18:54 - 0002563 _____ () C:\ProgramData\hpzinstall.log
2013-05-31 01:56 - 2013-05-31 01:56 - 0000198 ____H () C:\ProgramData\Lenovo-23020.vbs
2013-05-31 01:58 - 2013-09-03 23:57 - 0002331 _____ () C:\ProgramData\MH_ErrorLog.txt

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\Lenovo-23020.vbs


Einige Dateien in TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Christoph\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Christoph\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Christoph\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Christoph\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Christoph\AppData\Local\Temp\sqlite3.dll
C:\Users\Gast\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-08 23:08

==================== Ende von FRST.txt ============================
         

Alt 10.10.2015, 00:46   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe

C:\Users\Christoph\Downloads\dffsetup-itunesmobiledevice.exe
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen



Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.10.2015, 11:44   #10
Chris1980
 
Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



FRST

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-10-2015
durchgeführt von Christoph (2015-10-11 11:25:30) Run:1
Gestartet von C:\Users\Christoph\Downloads
Geladene Profile: Christoph &  (Verfügbare Profile: Christoph & Administrator & Gast)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe

C:\Users\Christoph\Downloads\dffsetup-itunesmobiledevice.exe
Emptytemp:
*****************

C:\Users\Christoph\Downloads\Active ISO Burner - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Christoph\Downloads\dffsetup-itunesmobiledevice.exe => erfolgreich verschoben
EmptyTemp: => 711.4 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:25:41 ====
         
Ob Defogger oder Combofix verwendet wurde kann ich nicht genau sagen. Gefunden habe ich jedenfals nichts. Soll ich das dann überspringen und mit dem DelFix weitermachen?
Was Windows Updates angeht, so soll ich als nächstes Windows 10 installieren. Ist das gut? Kann ich das ohne Bedenken machen?

Tausend Dank schonmal!!!

Alt 11.10.2015, 21:12   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 Problem AppData\Roaming\5.exe - Standard

Windows 8 Problem AppData\Roaming\5.exe



Haben wir nicht benutzt, also gleich Delfix .

Win 10 ist kein Muss, ist deine Entscheidung. Einige haben Probleme damit, bei mir läufts tadellos
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 8 Problem AppData\Roaming\5.exe
avira, bildschirm, bonjour, browser, dnsapi.dll, dringend, feedback, firefox, flash player, google, helper, home, homepage, hotspot, iexplore.exe, kaspersky, lavasofttcpservice64.dll, lightning, mozilla, officejet, popup, problem, realtek, registry, required, scan, security, software, system, taskmanager, web companion, windows, wiso



Ähnliche Themen: Windows 8 Problem AppData\Roaming\5.exe


  1. Windows7 141861-problem-beim-starten-c-users-benutzer-appdata-roaming-babsolution-shared-enhancednt-dll.html
    Plagegeister aller Art und deren Bekämpfung - 01.02.2015 (16)
  2. C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
    Log-Analyse und Auswertung - 09.10.2014 (18)
  3. C:\Users\name\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.dll - nicht gefunden
    Log-Analyse und Auswertung - 14.09.2014 (13)
  4. Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe
    Log-Analyse und Auswertung - 22.08.2014 (6)
  5. problem beim starten von c users appdata roaming newnext.me nengine.dll
    Log-Analyse und Auswertung - 11.04.2014 (1)
  6. Windows 8: Verdacht auf Virus, c:\users\*******\appdata\roaming\newnext.me\nenginge.dll
    Log-Analyse und Auswertung - 07.04.2014 (9)
  7. Problem beim Starten. C:\Users\Benutzer\AppData\Roaming\BabSolution\Shared\EnhancedNT.dll
    Plagegeister aller Art und deren Bekämpfung - 18.10.2013 (15)
  8. Windows 7: Virenfund mit AVIRA C:\Users\*****\AppData\Roaming\OpenCandy\0353524FC3A84BC188BDC2A76B84F948\Softonic_chr_p1v3.exe
    Log-Analyse und Auswertung - 16.09.2013 (9)
  9. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  10. BDS/Delf.MN.19 in C:\Users\admin\AppData\Roaming\Microsoft\Windows\unicode2.nls und weitere...
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (2)
  11. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktio
    Log-Analyse und Auswertung - 13.01.2013 (10)
  12. tbhcn im Systemstart unter C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (20)
  13. RunDll Probleme beim Starten von C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\unicode2.nls
    Log-Analyse und Auswertung - 10.12.2012 (1)
  14. Malewarebytes Fund Trojan.Ransom.Gen c:\..\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\ctfmon.Ink und Hijack.Shell.Gen
    Log-Analyse und Auswertung - 01.11.2012 (8)
  15. RunDLL Probleme beim Starten von C:\users\***\AppData\Roaming\pndeb.dll & AppData\Local\powstak.dll
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (5)
  16. TR/Offend.kdv.495935 | C:\Users\****\AppData\Roaming\Microsoft\Windows\Templates\audiodi.exe
    Log-Analyse und Auswertung - 19.02.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)

Zum Thema Windows 8 Problem AppData\Roaming\5.exe - Hallo an Alle, ich "Dödel" benötige dringend Hilfe bei folgendem Problem. Ich bekomme ständig ein PopUp mit der Meldung: C:\Users\xxx\AppData\Roaming\5.exe Auf das angebende Gerät bzw. den Pfad kann nicht zugegriffen - Windows 8 Problem AppData\Roaming\5.exe...
Archiv
Du betrachtest: Windows 8 Problem AppData\Roaming\5.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.