
Log analysis and evaluation: Telekom abuse report Bedep

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.11.2015, 17:53   #1
adressle
 

Hello,

I received an email from Telekom pointing to a Bedep infection.
However, I cannot clearly attribute it to one computer, since 3 Windows computers are running on the network. None of them shows symptoms that would indicate remote control, so I am posting an FRST log file. Thanks in advance for the help.
FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
durchgeführt von Armin (Administrator) auf INTELI7-2600 (20-11-2015 18:22:44)
Gestartet von C:\Users\Armin\Desktop\trojaner-board
Geladene Profile: Armin & UpdatusUser (Verfügbare Profile: Armin & Karin & Sandra & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Elgato Systems GmbH) C:\Program Files (x86)\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TerraTec Electronic GmbH) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Dropbox, Inc.) C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(QNAP Systems, Inc.) C:\Program Files (x86)\QNAP\NetBak\NetBak.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AtherosBtStack] => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2750536 2013-11-11] (CANON INC.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8529152 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2011-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QNAP_NASNetBak] => C:\Program Files (x86)\QNAP\NetBak\NetBak.exe [720896 2009-07-10] (QNAP Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1836544 2014-08-19] (TerraTec Electronic GmbH)
HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\Run: [Dropbox Update] => C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-09] (Dropbox, Inc.)
HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2964241097-260066582-1381924632-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185616 2015-08-28] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
Startup: C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{79ebfa51-b863-45b8-8394-679f9f27fb61}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{b6ebc147-006c-4364-b377-c57cd8f7844f}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2964241097-260066582-1381924632-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2964241097-260066582-1381924632-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2964241097-260066582-1381924632-1000 -> DefaultScope {AC12E8A8-4509-41AD-BB61-11FA47893A72} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2964241097-260066582-1381924632-1000 -> {8634440F-C46D-4A6B-BA98-54378825790A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=38a861ea-c40e-40cb-a308-1ad353b27ccf&apn_sauid=61CBB3D3-B99C-4779-AB7A-4B031F35D3D2
SearchScopes: HKU\S-1-5-21-2964241097-260066582-1381924632-1000 -> {AC12E8A8-4509-41AD-BB61-11FA47893A72} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-26] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-26] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2964241097-260066582-1381924632-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Armin\AppData\Roaming\Mozilla\Firefox\Profiles\alije5x5.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Armin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-03-05] (Cisco WebEx LLC)
FF Extension: Avira Browser Safety - C:\Users\Armin\AppData\Roaming\Mozilla\Firefox\Profiles\alije5x5.default\Extensions\abs@avira.com [2015-10-23] [ist nicht signiert]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2011-12-09] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-09-02] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [227472 2015-09-26] (DTS)
R2 EyeTV Netstream; C:\Program Files (x86)\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe [400864 2013-04-15] (Elgato Systems GmbH)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-26] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-26] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-09-26] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-26] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-09-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-09-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-26] (Avira Operations GmbH & Co. KG)
R3 EyeTV_Sat_Free; C:\Windows\system32\DRIVERS\EyeTV_Sat_Free.sys [165616 2012-08-20] (Elgato Systems GmbH)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-26] (Microsoft Corporation)
S0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [86016 2006-11-14] (Marvell Semiconductor, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2011-02-16] (Western Digital Technologies) [Datei ist nicht signiert]
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-20 18:22 - 2015-11-20 18:22 - 00000000 ____D C:\FRST
2015-11-20 18:21 - 2015-11-20 18:21 - 00000000 _____ C:\Users\Armin\defogger_reenable
2015-11-20 18:19 - 2015-11-20 18:22 - 00000000 ____D C:\Users\Armin\Desktop\trojaner-board
2015-11-20 18:18 - 2015-11-20 18:18 - 00016148 _____ C:\WINDOWS\system32\INTELI7-2600_Armin_HistoryPrediction.bin
2015-11-20 16:25 - 2015-11-20 16:25 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-18 21:09 - 2015-11-18 21:09 - 00000000 ____D C:\Users\Armin\AppData\Local\{DBCC848C-E1EB-4EF1-80AF-CDBA84FDF00F}
2015-11-17 15:00 - 2015-11-17 15:00 - 00000000 ____D C:\Users\Armin\AppData\Local\{9A68236B-59C0-4417-B55D-69FDDE11AE9C}
2015-11-16 20:44 - 2015-11-16 20:44 - 00000000 ____D C:\Users\Armin\AppData\Local\{531A0EB4-FC98-4C74-B05F-81DFCAB87A9E}
2015-11-15 10:01 - 2015-11-15 10:01 - 00000000 ____D C:\Users\Armin\AppData\Local\{C06686E4-4FA9-4E0D-B80B-5F5C2FDC0617}
2015-11-14 16:58 - 2015-11-14 16:58 - 00000000 ____D C:\Users\Armin\AppData\Local\{FB40470C-9199-41FD-865C-9FED327E55B5}
2015-11-13 22:49 - 2015-11-13 22:50 - 00000000 ____D C:\Users\Armin\AppData\Local\{42B9BBFA-D41C-490C-B4D7-0A7637FF1AEE}
2015-11-12 20:52 - 2015-11-12 20:52 - 00000000 ____D C:\Users\Armin\AppData\Local\CEF
2015-11-12 20:51 - 2015-11-16 02:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-12 20:22 - 2015-11-12 20:22 - 00000000 ____D C:\Users\Armin\AppData\Local\{3849C43E-4BFE-4CD7-A76D-A4DD675058D0}
2015-11-11 20:11 - 2015-11-11 20:11 - 00000000 ____D C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 22:25 - 2015-11-05 05:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 22:25 - 2015-11-05 05:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 22:25 - 2015-11-05 05:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 22:25 - 2015-11-05 04:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 22:25 - 2015-11-05 04:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 22:25 - 2015-11-05 04:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 22:25 - 2015-11-05 04:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 22:24 - 2015-11-05 06:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 22:24 - 2015-11-05 06:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 22:24 - 2015-11-05 06:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 22:24 - 2015-11-05 06:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 22:24 - 2015-11-05 06:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 22:24 - 2015-11-05 06:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 22:24 - 2015-11-05 06:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 22:24 - 2015-11-05 06:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 22:24 - 2015-11-05 05:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 22:24 - 2015-11-05 05:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 22:24 - 2015-11-05 05:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 22:24 - 2015-11-05 05:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 22:24 - 2015-11-05 05:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 22:24 - 2015-11-05 05:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 22:24 - 2015-11-05 05:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 22:24 - 2015-11-05 05:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 22:24 - 2015-11-05 05:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 22:24 - 2015-11-05 05:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 22:24 - 2015-11-05 05:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 22:24 - 2015-11-05 05:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 22:24 - 2015-11-05 05:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 22:24 - 2015-11-05 05:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 22:24 - 2015-11-05 05:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 22:24 - 2015-11-05 05:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 22:24 - 2015-11-05 05:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 22:24 - 2015-11-05 05:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 22:24 - 2015-11-05 05:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 22:24 - 2015-11-05 05:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 22:24 - 2015-11-05 05:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 22:24 - 2015-11-05 05:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 22:24 - 2015-11-05 04:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 22:24 - 2015-11-05 04:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 22:24 - 2015-11-05 04:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 22:24 - 2015-11-05 04:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 22:24 - 2015-11-05 04:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 22:24 - 2015-11-05 04:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 22:24 - 2015-11-05 04:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 22:24 - 2015-11-05 04:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 22:24 - 2015-11-05 04:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 22:24 - 2015-11-05 04:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 22:24 - 2015-11-05 04:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 22:24 - 2015-11-05 04:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 22:24 - 2015-11-05 04:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 22:24 - 2015-11-05 04:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 22:24 - 2015-11-05 04:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 22:24 - 2015-11-05 04:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 21:14 - 2015-11-10 21:14 - 00000000 ____D C:\Users\Armin\AppData\Local\{B7C082A3-2418-4FA8-B937-8DEBD68A0788}
2015-11-09 20:11 - 2015-11-09 20:11 - 00000000 ____D C:\Users\Armin\AppData\Local\{40FBB38B-05E5-4479-BD14-DD0E6942A44F}
2015-11-08 21:14 - 2015-11-08 21:14 - 00000000 ____D C:\Users\Armin\AppData\Local\{4F981116-34D4-4262-9BB1-64704A696A59}
2015-11-08 16:52 - 2015-11-08 16:52 - 00000000 ____D C:\Users\Armin\AppData\Local\{9A7E2FAF-1E42-4902-B5C9-59B9B5339268}
2015-11-06 18:23 - 2015-11-06 18:24 - 00000000 ____D C:\Users\Armin\AppData\Local\{D959751A-0E2A-4DD9-BDD1-46FF85401521}
2015-11-05 20:46 - 2015-11-05 20:46 - 00000000 ____D C:\Users\Armin\AppData\Local\{B087318B-4842-4285-908D-794296199AF8}
2015-11-04 21:35 - 2015-11-11 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 19:27 - 2015-11-04 19:27 - 00000000 ____D C:\Users\Armin\AppData\Local\{1D6F2F03-40B6-45A9-9E6B-E7B917E122B1}
2015-11-03 21:32 - 2015-11-03 21:32 - 00000000 ____D C:\Users\Armin\AppData\Local\{71A82273-970B-46A3-9633-339D4F4979B4}
2015-11-02 19:38 - 2015-11-02 19:39 - 00000000 ____D C:\Users\Armin\AppData\Local\{B96971CB-C979-466F-BFFF-DE75C5BF31B2}
2015-11-01 16:35 - 2015-11-01 16:35 - 00000000 ____D C:\Users\Armin\AppData\Local\{A1A4D266-39CF-4EC7-9339-EE12506B44FF}
2015-11-01 09:11 - 2015-11-01 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-01 09:11 - 2015-11-01 09:11 - 00000000 ____D C:\Program Files\iTunes
2015-11-01 09:11 - 2015-11-01 09:11 - 00000000 ____D C:\Program Files\iPod
2015-11-01 09:11 - 2015-11-01 09:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-31 16:08 - 2015-10-31 16:08 - 00000000 ____D C:\Users\Armin\AppData\Local\{D77528C3-FF9C-423C-A335-6330BAE1DC39}
2015-10-30 19:13 - 2015-10-30 19:13 - 00000000 ____D C:\Users\Armin\AppData\Local\{99BE22C8-C93C-42BD-8D7A-A97A846BB1AE}
2015-10-29 17:36 - 2015-10-29 17:36 - 00000000 ____D C:\Users\Armin\AppData\Local\{89A51C37-EE2F-4B3B-AFED-A8E18BEFDCAB}
2015-10-28 19:10 - 2015-10-28 19:11 - 00000000 ____D C:\Users\Armin\AppData\Local\{45CE76DB-C82D-4311-A1AF-11BC6EF0AB6E}
2015-10-27 20:20 - 2015-10-27 20:20 - 00000000 ____D C:\Users\Armin\AppData\Local\{B5A3071E-503B-438C-A420-84B6BD183611}
2015-10-26 20:22 - 2015-10-26 20:22 - 00000000 ____D C:\Users\Armin\AppData\Local\{B299C4A0-8D48-4C1E-A5A3-D21BCD854E33}
2015-10-25 22:09 - 2015-10-25 22:10 - 00000000 ____D C:\Users\Armin\AppData\Local\{0290D2E7-B246-4066-BE9D-02674B246B9F}
2015-10-24 16:53 - 2015-10-24 16:53 - 00000000 ____D C:\Users\Armin\AppData\Local\{D675F6A0-2688-4295-859C-E5A192826E38}
2015-10-23 19:59 - 2015-10-23 19:59 - 00000743 _____ C:\Users\Armin\Documents\Daten1.lnk
2015-10-23 16:35 - 2015-10-23 16:35 - 00000000 ____D C:\Users\Armin\AppData\Local\{B6BB9CDC-32CF-4EE3-A045-3F564721A8CF}
2015-10-22 18:59 - 2015-10-22 18:59 - 00000000 ____D C:\Users\Armin\AppData\Local\{C1D57CCB-A036-43B2-B12B-A56F825634D4}
2015-10-21 18:48 - 2015-10-21 18:48 - 00000000 ____D C:\Users\Armin\AppData\Local\{D2DA5126-24C7-44D4-8BB7-855097CB8CDE}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-20 18:21 - 2015-09-26 08:25 - 00000000 ____D C:\Users\Armin
2015-11-20 18:19 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-20 18:19 - 2015-07-30 22:50 - 00029718 _____ C:\WINDOWS\setupact.log
2015-11-20 18:14 - 2012-08-29 20:37 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-20 17:42 - 2015-06-18 17:30 - 00001224 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000UA.job
2015-11-20 17:15 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-20 16:33 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-20 16:28 - 2015-09-26 09:22 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-20 16:17 - 2015-09-26 08:25 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-20 16:17 - 2015-09-10 06:10 - 00883584 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-20 16:17 - 2015-09-10 06:10 - 00195718 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-20 16:15 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-20 16:15 - 2012-08-29 20:37 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-20 16:15 - 2011-11-25 18:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-18 21:04 - 2012-03-03 12:31 - 00000000 ___RD C:\Users\Armin\Dropbox
2015-11-18 21:04 - 2012-03-03 12:29 - 00000000 ____D C:\Users\Armin\AppData\Roaming\Dropbox
2015-11-18 21:01 - 2015-09-26 08:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-18 21:01 - 2015-09-09 21:33 - 00009306 _____ C:\WINDOWS\PFRO.log
2015-11-18 21:01 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-18 21:00 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-18 21:00 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-18 20:59 - 2015-09-26 11:27 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{546F33C2-C140-4167-9D20-1B47F0EF804E}
2015-11-17 18:42 - 2015-06-18 17:30 - 00001172 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000Core.job
2015-11-16 22:00 - 2012-05-16 21:40 - 00000000 ____D C:\Users\Armin\AppData\Roaming\vlc
2015-11-12 20:52 - 2014-08-17 15:19 - 00000000 ____D C:\Users\Armin\AppData\Local\Adobe
2015-11-12 20:51 - 2015-06-04 21:26 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-12 20:51 - 2011-12-08 19:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-12 20:02 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 20:02 - 2011-12-08 20:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 19:57 - 2013-08-25 23:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 19:55 - 2011-11-25 18:42 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 19:51 - 2012-06-26 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 21:02 - 2014-08-14 18:50 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-10 21:02 - 2013-08-05 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-09 18:48 - 2011-12-29 18:48 - 00000000 ____D C:\Users\Armin\AppData\Roaming\NetBak
2015-11-04 21:32 - 2015-09-26 11:04 - 00002404 _____ C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-04 21:32 - 2015-09-26 11:04 - 00000000 ___RD C:\Users\Armin\OneDrive
2015-11-04 21:32 - 2012-02-08 21:27 - 00000000 ____D C:\Users\Armin\Downloads\xxx
2015-11-03 19:20 - 2015-07-30 23:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 19:20 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 09:10 - 2012-02-17 19:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-31 21:45 - 2015-07-10 04:24 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-10-31 21:45 - 2015-07-10 04:24 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-10-31 21:45 - 2015-07-10 04:24 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-10-31 21:45 - 2015-07-10 04:24 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-10-31 21:45 - 2015-07-10 04:14 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-10-31 21:45 - 2015-07-10 04:14 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-10-31 21:45 - 2015-07-10 04:14 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-10-31 21:45 - 2015-07-10 04:13 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-10-31 21:45 - 2015-07-10 04:12 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-10-31 21:45 - 2015-07-10 04:12 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-10-31 21:45 - 2015-07-10 04:12 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-10-29 17:24 - 2015-09-26 09:21 - 00000000 ____D C:\Windows.old

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2011-12-08 21:17 - 2014-10-09 17:00 - 0007608 _____ () C:\Users\Armin\AppData\Local\resmon.resmoncfg
2015-09-26 12:15 - 2015-09-26 12:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Armin\AppData\Local\Temp\avgnt.exe
C:\Users\Armin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw2pcjp.dll
C:\Users\Armin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Armin\AppData\Local\Temp\{381EBF56-9D8D-449B-AE39-CB8F987798F8}-DropboxClient_3.10.11.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-20 16:25

==================== Ende von FRST.txt ============================
         
Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-11-2015
durchgeführt von Armin (2015-11-20 18:23:09)
Gestartet von C:\Users\Armin\Desktop\trojaner-board
Windows 10 Pro (X64) (2015-09-26 10:02:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2964241097-260066582-1381924632-500 - Administrator - Disabled)
Armin (S-1-5-21-2964241097-260066582-1381924632-1000 - Administrator - Enabled) => C:\Users\Armin
DefaultAccount (S-1-5-21-2964241097-260066582-1381924632-503 - Limited - Disabled)
Gast (S-1-5-21-2964241097-260066582-1381924632-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2964241097-260066582-1381924632-1002 - Limited - Enabled)
Karin (S-1-5-21-2964241097-260066582-1381924632-1004 - Limited - Enabled) => C:\Users\Karin
Sandra (S-1-5-21-2964241097-260066582-1381924632-1005 - Limited - Enabled) => C:\Users\Sandra
UpdatusUser (S-1-5-21-2964241097-260066582-1381924632-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Web Premium (HKLM-x32\...\Adobe_4db064343401efd6449f33f8411c14b) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.51.1 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.3.0.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.2.20.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.2.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Dropbox (HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
EOS MOVIE Utility (HKLM-x32\...\EOS MOVIE Utility) (Version: 1.3.0.0 - Canon Inc.)
EyeTV Netstream for Windows Media Center (HKLM-x32\...\EyeTV Netstream Service) (Version: 1.01.00.16 - Elgato Systems GmbH)
EyeTV Sat Free v1.13.00.69 (HKLM-x32\...\EyeTV Sat Free v1.13.00.69) (Version: 1.13.00.69 - Elgato Systems)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
FreeFileSync 7.3 (HKLM-x32\...\FreeFileSync) (Version: 7.3 - www.FreeFileSync.org)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\iPhone Backup Extractor) (Version: 4.0.8.0 - Reincubate Ltd)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.1.0.6 - Marvell)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.3.0523 - QNAP Systems, Inc.)
QNAP NetBak Replicator (HKLM-x32\...\QNAP_NASNetBak) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - )
Silicon Laboratories USBXpress Device (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&EA61) (Version:  - )
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.31.2 - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Voltcraft - Voltsoft System Version (HKLM-x32\...\{27383738-D10F-4186-A784-7AB19733654D}_is1) (Version:  - Voltcraft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Armin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2964241097-260066582-1381924632-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Armin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04833F65-22F8-4241-B3E3-F7518E4A63C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {0493825A-AB0B-4FB7-B710-50114277F7AF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {15862FD2-E116-467E-82DF-FD83ECCAF684} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2049DB0E-ADD6-41C6-B3C1-4B4828A75A1F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2180D5A7-FD43-476B-B539-AA1B41891137} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {31B8C96B-CC00-4F7F-ADC8-DC74225AD0CE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {32CB5B7D-9807-4CA9-8E02-9323520FDD1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {332C6DDF-E45B-4982-8A85-E74B271473E7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {33BC6020-C7BD-466A-873B-E557AAD15366} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {3D183741-655F-4975-AA94-CB5AEA1D9E66} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {47320A60-33EE-4C2B-BC64-5C8D49C9F6A0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {4764E3B4-0416-49AE-8FE9-47E84216413C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {4804504E-7392-4F9A-99F3-60A7415A21C6} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] ()
Task: {4D040B64-7DE3-4258-877D-20F778DD14EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {505C4131-C5AF-42F7-A3EB-2BA19FEB436D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {54B8A753-DF1F-4A4C-A2E6-8C1C5783CC6D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {5D5B50A4-79AD-4740-AF56-E7F94E75DF90} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {6906DC6A-93E7-47FE-8121-F51FFF92F116} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {6EE52F95-9995-4CFB-915F-874BF6899DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6FB9D260-542A-4731-B2D0-7D2EE9E1E264} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {6FCFB0B0-00A3-43FC-B6EE-C9D7572E8EAF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7449AA76-84E6-4B10-B3F1-92D2C29286E4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000Core => C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-09] (Dropbox, Inc.)
Task: {748FF306-A285-4713-83C5-4DD3AD789F52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8B14C381-DFDF-4359-AE56-C477B02D0D58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {960ED741-FEAF-4695-8C7B-D697264D3845} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {980C5846-F242-49F3-A7D2-03EBE6AF2F8B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {9C0C4CAF-B0FE-47E4-AA98-21153D4CD4C3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A10CD64E-79EA-468B-B99D-E353A25C18DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A2311DEC-447F-4851-8609-5E3C347D9D25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {A9BDA7C0-2FEE-405E-8729-971634C42EBE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AD968688-A56B-42F8-BCD9-2B8C47AA86E7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000UA => C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-09] (Dropbox, Inc.)
Task: {AE3B3FEC-99D7-4DFB-B0FD-4B3535B01690} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {AF6E2E5C-980B-4D14-808B-9425B8389534} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BF60CB86-A28D-48E2-9D4D-42E1777AB417} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {CA078875-AA00-4D0C-8A8E-151D06EB3421} - System32\Tasks\{509C8211-A389-4704-853A-CD1B2D6EC777} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {D1A12D3A-F0CF-4D43-9C7F-2DE9278BB18D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DA8A32A7-916C-4953-843F-213C2CF88372} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {DC2461F0-DF24-4561-9DF2-53431C19DD23} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DE61193B-562E-47B5-9561-4FA5FB0BBDAA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {F26ABAF0-AE35-4D7D-BE97-769A3EB9F575} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {FA9CADC9-E3BC-49B2-BB9C-2AC83E99C28B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {FBD8F947-B126-4039-8988-4DB125F83889} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {FD0B7BEE-F961-47B0-AA1D-FFDFFB3BD1B3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FDF532FB-B663-43A8-89C6-5C4D7E7F3C00} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000Core.job => C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2964241097-260066582-1381924632-1000UA.job => C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-09-10 06:12 - 2015-09-10 06:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2011-12-18 17:45 - 2007-04-13 07:49 - 00101528 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-26 08:24 - 2015-08-07 01:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-30 20:24 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 20:24 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-09-30 20:24 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-30 20:24 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 20:24 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 20:24 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 20:24 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-27 20:34 - 2015-10-27 20:36 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-27 20:34 - 2015-10-27 20:36 - 10958848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-10-27 20:34 - 2015-10-27 20:37 - 00245760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-22 19:03 - 2015-10-22 19:03 - 03498496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-09-10 06:12 - 2015-09-10 06:12 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-04 20:31 - 2015-11-04 20:31 - 00172544 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\80248fc6df8396505c531b53dc2cd79e\IsdiInterop.ni.dll
2011-11-25 18:41 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-10-02 17:54 - 2015-11-05 00:44 - 00166416 _____ () C:\Users\Armin\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-11-20 16:15 - 2015-11-20 16:15 - 00071168 _____ () c:\users\armin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw2pcjp.dll
2013-05-19 14:06 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\telekom-dienste.de -> telekom-dienste.de
IE trusted site: HKU\S-1-5-21-2964241097-260066582-1381924632-1000\...\telekom.de -> telekom.de

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2964241097-260066582-1381924632-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2964241097-260066582-1381924632-1006\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{CB101484-B8EF-494C-A023-62AC0F1BA0D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4AFE131-B857-499E-9DE1-2E74B33FAA95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{92ECDA03-D921-4C91-86AC-E25FA047F5CB}C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe] => (Block) C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe
FirewallRules: [TCP Query User{2053F015-8066-4925-9513-0D89E01A84B4}C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe] => (Block) C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe
FirewallRules: [{59974900-AC13-4A7F-AA26-B6D97C94E099}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe
FirewallRules: [{EF0F48D4-ED98-4F95-B4BA-29F3081D7084}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe
FirewallRules: [{B9E0386C-8D54-4E7F-B56D-3A2B18A44146}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{C43BAAEA-9F72-4FED-8B19-4CD463F71D5D}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{58EAC33C-1057-490C-A2B3-15DD9481DAC7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC628995-7A44-4695-9C30-3928137970E0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{BBEB96E2-8161-434C-BAEC-0647FD3D023D}C:\program files (x86)\microsoft office\office14\powerpnt.exe] => (Allow) C:\program files (x86)\microsoft office\office14\powerpnt.exe
FirewallRules: [TCP Query User{F1EC0C89-1F2F-48D0-8B1A-7DA084A86ADF}C:\program files (x86)\microsoft office\office14\powerpnt.exe] => (Allow) C:\program files (x86)\microsoft office\office14\powerpnt.exe
FirewallRules: [UDP Query User{09B0F9C7-3879-4C6D-BC74-F5A8648A498A}C:\users\armin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\armin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D5B6A9B3-F0BE-47B6-AA5B-5CC0FEDCA8B5}C:\users\armin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\armin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1E43891F-E762-4CB1-ADB1-BF7CBB7B35AB}] => (Allow) C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{60319BE0-208E-4A7F-8BDE-8B1DC746B3EA}] => (Allow) C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{5E4C55C5-EAAC-4388-9A5F-38CACF7183C6}C:\program files (x86)\qnap\finder\finder.exe] => (Allow) C:\program files (x86)\qnap\finder\finder.exe
FirewallRules: [TCP Query User{453F0FAD-3C2D-406A-8B0D-F5292F2E16D6}C:\program files (x86)\qnap\finder\finder.exe] => (Allow) C:\program files (x86)\qnap\finder\finder.exe
FirewallRules: [UDP Query User{B81FED37-11B3-4FAE-AD3C-9C12AB6E7C60}C:\program files (x86)\qnap\netbak\netbak.exe] => (Allow) C:\program files (x86)\qnap\netbak\netbak.exe
FirewallRules: [TCP Query User{D5F896AF-922F-447D-86D1-B1EF293D3EE4}C:\program files (x86)\qnap\netbak\netbak.exe] => (Allow) C:\program files (x86)\qnap\netbak\netbak.exe
FirewallRules: [{63715546-0446-42D1-9C47-07366C02EF52}] => (Allow) LPort=1900
FirewallRules: [{A5D1AF45-4D57-408A-8FA3-6FBC5AC359DD}] => (Allow) LPort=2869
FirewallRules: [{BF6354B0-8D22-450D-824A-136CFCC6607C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{827EABB2-0800-42CE-9F4D-E323C5B52C58}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{2E31F542-6B70-4FF0-8E79-8E14C63D15C6}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{D285F955-FA1A-41D7-88A6-68CAF1298E66}] => (Allow) LPort=51001
FirewallRules: [{ECB63120-4B0A-4057-83F9-2111940BA1C0}] => (Allow) LPort=51000
FirewallRules: [{96150E14-EE41-40A0-B603-B15690D3FDD7}] => (Allow) LPort=3704
FirewallRules: [{2AF18555-C550-48DC-A135-37D025A50406}] => (Allow) LPort=3703
FirewallRules: [{16EB5EEC-9323-4848-A693-E655B5712DB1}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{C7C3E23B-FCE8-47EA-8347-1C1C7796F89E}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{BE1AAF57-D182-4189-BD79-243F2EF6B880}] => (Allow) LPort=5353
FirewallRules: [{5FC6977A-C27D-472B-976B-1A2A74E23B31}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{2B1D7539-1648-4467-A943-172783B75FB8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{74A574FD-4BE8-497C-9B6F-786C9EFC3BF4}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{FB4BA209-2548-44D2-88C8-DA4E9C2BB537}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{3D8FD6B8-B431-4D84-A835-BC7A076949EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6E48BBF-1155-47DE-9D55-F57CA41C7EB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3EA9C15-C388-4FF9-8175-D2F145D6B7FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6CBC89D0-914D-45FD-BDF0-FDC3FB6D66F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A40ACA46-03F6-4018-BEB0-0BCBA8D5CAB6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29FA25FA-C05B-4755-B7F1-DCDDBC7147C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74A62165-B350-4EF4-B7DF-44FFE746BE25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DCD97B1-5D6E-45E6-8F5D-FAC1EAA59963}] => (Allow) %SystemRoot%\ehome\ehrecvr.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/20/2015 06:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0xed4
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3
Vollständiger Name des fehlerhaften Pakets: jucheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jucheck.exe5

Error: (11/20/2015 04:15:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/18/2015 09:03:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/18/2015 08:56:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/17/2015 02:59:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/16/2015 08:50:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(04:54:53:38:11:c3@fe80::654:53ff:fe38:11c3._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (11/16/2015 08:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Name des fehlerhaften Moduls: jucheck.exe, Version: 2.8.60.27, Zeitstempel: 0x55c116b1
Ausnahmecode: 0x40000015
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x1924
Startzeit der fehlerhaften Anwendung: 0xjucheck.exe0
Pfad der fehlerhaften Anwendung: jucheck.exe1
Pfad des fehlerhaften Moduls: jucheck.exe2
Berichtskennung: jucheck.exe3
Vollständiger Name des fehlerhaften Pakets: jucheck.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jucheck.exe5

Error: (11/16/2015 08:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 10

Error: (11/16/2015 08:44:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/16/2015 02:15:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: INTELI7-2600)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6D00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


Systemfehler:
=============
Error: (11/20/2015 04:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (11/20/2015 04:14:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (11/18/2015 10:22:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/18/2015 09:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/18/2015 09:01:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (11/18/2015 08:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session8" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 10:17:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session7" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/16/2015 10:01:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/16/2015 07:25:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/14/2015 11:13:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-11-20 16:27:04.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:04.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:04.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:04.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:04.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:04.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:03.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:27:03.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:26:13.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-20 16:26:13.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 12192.96 MB
Verfügbarer physikalischer RAM: 9849.52 MB
Summe virtueller Speicher: 24480.96 MB
Verfügbarer virtueller Speicher: 21937.16 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:111.26 GB) (Free:45.66 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1863.01 GB) (Free:233.21 GB) NTFS
Drive h: (VERBATIM) (Removable) (Total:117.16 GB) (Free:117.06 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6FD91AD3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 403893C9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 117.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Thanks, Armin

Alt 20.11.2015, 18:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 20.11.2015, 19:59   #3
adressle
 

Hello,
attached is mbar-log-2015-11-20 (20-37-42).txt:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.20.05
  rootkit: v2015.11.14.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16590
Armin :: INTELI7-2600 [administrator]

20.11.2015 20:37:42
mbar-log-2015-11-20 (20-37-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 550152
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
and from tdsskiller:
Code:
ATTFilter
20:49:12.0089 0x1508  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
20:49:17.0308 0x1508  ============================================================
20:49:17.0308 0x1508  Current date / time: 2015/11/20 20:49:17.0308
20:49:17.0308 0x1508  SystemInfo:
20:49:17.0308 0x1508  
20:49:17.0308 0x1508  OS Version: 10.0.10240 ServicePack: 0.0
20:49:17.0308 0x1508  Product type: Workstation
20:49:17.0308 0x1508  ComputerName: INTELI7-2600
20:49:17.0308 0x1508  UserName: Armin
20:49:17.0308 0x1508  Windows directory: C:\WINDOWS
20:49:17.0308 0x1508  System windows directory: C:\WINDOWS
20:49:17.0308 0x1508  Running under WOW64
20:49:17.0308 0x1508  Processor architecture: Intel x64
20:49:17.0308 0x1508  Number of processors: 8
20:49:17.0308 0x1508  Page size: 0x1000
20:49:17.0308 0x1508  Boot type: Normal boot
20:49:17.0308 0x1508  ============================================================
20:49:18.0027 0x1508  KLMD registered as C:\WINDOWS\system32\drivers\91379416.sys
20:49:18.0074 0x1508  System UUID: {6A811D3F-15E5-7FEF-BEDB-EDDCE3E6D103}
20:49:18.0340 0x1508  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:18.0340 0x1508  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2F00000 ( 111.80 Gb ), SectorSize: 0x200, Cylinders: 0x3902, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:18.0340 0x1508  Drive \Device\Harddisk3\DR6 - Size: 0x1D4C000000 ( 117.19 Gb ), SectorSize: 0x200, Cylinders: 0x3BC1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:49:18.0340 0x1508  ============================================================
20:49:18.0340 0x1508  \Device\Harddisk1\DR1:
20:49:18.0340 0x1508  MBR partitions:
20:49:18.0340 0x1508  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:49:18.0340 0x1508  \Device\Harddisk0\DR0:
20:49:18.0340 0x1508  MBR partitions:
20:49:18.0340 0x1508  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:49:18.0340 0x1508  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDE83800
20:49:18.0340 0x1508  \Device\Harddisk3\DR6:
20:49:18.0340 0x1508  MBR partitions:
20:49:18.0340 0x1508  \Device\Harddisk3\DR6\Partition1: MBR, Type 0xC, StartLBA 0x80, BlocksNum 0xEA5FF80
20:49:18.0340 0x1508  ============================================================
20:49:18.0340 0x1508  C: <-> \Device\Harddisk0\DR0\Partition2
20:49:18.0371 0x1508  D: <-> \Device\Harddisk1\DR1\Partition1
20:49:18.0371 0x1508  ============================================================
20:49:18.0371 0x1508  Initialize success
20:49:18.0371 0x1508  ============================================================
20:49:42.0248 0x1604  ============================================================
20:49:42.0248 0x1604  Scan started
20:49:42.0248 0x1604  Mode: Manual; SigCheck; TDLFS; 
20:49:42.0248 0x1604  ============================================================
20:49:42.0248 0x1604  KSN ping started
20:49:44.0748 0x1604  KSN ping finished: true
20:49:45.0717 0x1604  ================ Scan system memory ========================
20:49:45.0717 0x1604  System memory - ok
20:49:45.0717 0x1604  ================ Scan services =============================
20:49:45.0764 0x1604  1394ohci - ok
20:49:45.0764 0x1604  3ware - ok
20:49:45.0764 0x1604  ACPI - ok
20:49:45.0764 0x1604  acpiex - ok
20:49:45.0764 0x1604  acpipagr - ok
20:49:45.0764 0x1604  AcpiPmi - ok
20:49:45.0779 0x1604  acpitime - ok
20:49:45.0779 0x1604  [ D44BCAF639E4E45307C2BC80715273D5, 1E1CDE13C39D835447096CBEC104A2EDDCE15D94288DB3FBB02421B8B8307989 ] adfs            C:\WINDOWS\system32\drivers\adfs.sys
20:49:45.0795 0x1604  adfs - ok
20:49:45.0811 0x1604  [ 9444A3530C2E88B7ED96A566FF9CCC13, B6372B557715279A03063FD0A30512A5938A689A950B9C6AF7BBC66C15FA87A6 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
20:49:45.0826 0x1604  Adobe Version Cue CS4 - ok
20:49:45.0826 0x1604  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:49:45.0842 0x1604  AdobeARMservice - ok
20:49:45.0842 0x1604  ADP80XX - ok
20:49:45.0842 0x1604  AFD - ok
20:49:45.0842 0x1604  agp440 - ok
20:49:45.0842 0x1604  ahcache - ok
20:49:45.0858 0x1604  AJRouter - ok
20:49:45.0858 0x1604  ALG - ok
20:49:45.0858 0x1604  AmdK8 - ok
20:49:45.0858 0x1604  AmdPPM - ok
20:49:45.0858 0x1604  amdsata - ok
20:49:45.0858 0x1604  amdsbs - ok
20:49:45.0858 0x1604  amdxata - ok
20:49:45.0889 0x1604  [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
20:49:45.0904 0x1604  AntiVirMailService - ok
20:49:45.0920 0x1604  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:49:45.0936 0x1604  AntiVirSchedulerService - ok
20:49:45.0951 0x1604  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:49:45.0967 0x1604  AntiVirService - ok
20:49:45.0983 0x1604  [ B667AB46FA82FC246F9069D81BB1065C, CC3ADE01E745B6A4F425E41C5C380BF0D06121B3823BDF0A8DF2973DA59F86EA ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:49:46.0014 0x1604  AntiVirWebService - ok
20:49:46.0014 0x1604  AppHostSvc - ok
20:49:46.0014 0x1604  AppID - ok
20:49:46.0014 0x1604  AppIDSvc - ok
20:49:46.0014 0x1604  Appinfo - ok
20:49:46.0030 0x1604  [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:49:46.0030 0x1604  Apple Mobile Device Service - ok
20:49:46.0030 0x1604  AppMgmt - ok
20:49:46.0030 0x1604  AppReadiness - ok
20:49:46.0045 0x1604  AppXSvc - ok
20:49:46.0045 0x1604  arcsas - ok
20:49:46.0045 0x1604  aspnet_state - ok
20:49:46.0061 0x1604  AsyncMac - ok
20:49:46.0061 0x1604  atapi - ok
20:49:46.0061 0x1604  [ 4119870B90E1B5E7797D6433D21F9216, 5CDA3748A6C89B1046173F20D857D164F4170A5028370B5BB9843212CEA86C8F ] AthDfu          C:\WINDOWS\System32\Drivers\AthDfu.sys
20:49:46.0076 0x1604  AthDfu - ok
20:49:46.0076 0x1604  AudioEndpointBuilder - ok
20:49:46.0076 0x1604  Audiosrv - ok
20:49:46.0092 0x1604  [ AC82CC4F2A41E098EB34C0A9F8125DDC, CC416DD5FC8E14A1F99F8DF52D795CA6E16EDBF8FD7C9624B10BA83D9D954BF2 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:49:46.0092 0x1604  avgntflt - ok
20:49:46.0092 0x1604  [ 45061BD6F11B80BF1C07A9253A659BF1, 9A1AFE963672E23F3C19FACE2CEB64766C964B165ECB26F36B6FB5730CEAFD2D ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:49:46.0108 0x1604  avipbb - ok
20:49:46.0108 0x1604  [ 6C4B9A2FF6924405E9ABFB558049D4DD, 9AB314B9ECF41832589726556A93CEAAE2AE774B1738A46A027E833B73A72118 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
20:49:46.0123 0x1604  Avira.ServiceHost - ok
20:49:46.0123 0x1604  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:49:46.0139 0x1604  avkmgr - ok
20:49:46.0139 0x1604  [ 74179E7C103F3A44B33D7D982E21E35D, 7F2384B065EA9959734D65426781D901CDB0DA8DFCAD13BF05044DDF33CA5688 ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
20:49:46.0139 0x1604  avnetflt - ok
20:49:46.0139 0x1604  AxInstSV - ok
20:49:46.0155 0x1604  b06bdrv - ok
20:49:46.0155 0x1604  BasicDisplay - ok
20:49:46.0155 0x1604  BasicRender - ok
20:49:46.0155 0x1604  bcmfn2 - ok
20:49:46.0155 0x1604  BDESVC - ok
20:49:46.0155 0x1604  Beep - ok
20:49:46.0155 0x1604  BFE - ok
20:49:46.0170 0x1604  BITS - ok
20:49:46.0170 0x1604  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:49:46.0186 0x1604  Bonjour Service - ok
20:49:46.0186 0x1604  bowser - ok
20:49:46.0186 0x1604  BrokerInfrastructure - ok
20:49:46.0186 0x1604  Browser - ok
20:49:46.0201 0x1604  [ A83A91D07D1FE6BBE7A9DB46CA00434B, 9EF851047189E13954C0F6A325E4843914C423C0D1EDAE21A34AB3A962BBD5AC ] BTATH_BUS       C:\WINDOWS\System32\drivers\btath_bus.sys
20:49:46.0201 0x1604  BTATH_BUS - ok
20:49:46.0217 0x1604  [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
20:49:46.0233 0x1604  BtFilter - ok
20:49:46.0233 0x1604  BthAvrcpTg - ok
20:49:46.0233 0x1604  BthEnum - ok
20:49:46.0248 0x1604  BthHFEnum - ok
20:49:46.0248 0x1604  bthhfhid - ok
20:49:46.0248 0x1604  BthHFSrv - ok
20:49:46.0248 0x1604  BTHMODEM - ok
20:49:46.0248 0x1604  BthPan - ok
20:49:46.0248 0x1604  BTHPORT - ok
20:49:46.0248 0x1604  bthserv - ok
20:49:46.0264 0x1604  BTHUSB - ok
20:49:46.0264 0x1604  buttonconverter - ok
20:49:46.0264 0x1604  CapImg - ok
20:49:46.0264 0x1604  cdfs - ok
20:49:46.0264 0x1604  CDPSvc - ok
20:49:46.0264 0x1604  cdrom - ok
20:49:46.0264 0x1604  CertPropSvc - ok
20:49:46.0264 0x1604  circlass - ok
20:49:46.0280 0x1604  CLFS - ok
20:49:46.0280 0x1604  ClipSVC - ok
20:49:46.0280 0x1604  CmBatt - ok
20:49:46.0280 0x1604  CNG - ok
20:49:46.0280 0x1604  cnghwassist - ok
20:49:46.0295 0x1604  CompositeBus - ok
20:49:46.0295 0x1604  COMSysApp - ok
20:49:46.0311 0x1604  condrv - ok
20:49:46.0311 0x1604  CoreMessagingRegistrar - ok
20:49:46.0342 0x1604  [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:49:46.0358 0x1604  cphs - ok
20:49:46.0358 0x1604  CryptSvc - ok
20:49:46.0358 0x1604  CSC - ok
20:49:46.0358 0x1604  CscService - ok
20:49:46.0358 0x1604  dam - ok
20:49:46.0373 0x1604  DcomLaunch - ok
20:49:46.0373 0x1604  DcpSvc - ok
20:49:46.0373 0x1604  defragsvc - ok
20:49:46.0373 0x1604  DeviceAssociationService - ok
20:49:46.0373 0x1604  DeviceInstall - ok
20:49:46.0373 0x1604  DevQueryBroker - ok
20:49:46.0373 0x1604  Dfsc - ok
20:49:46.0389 0x1604  Dhcp - ok
20:49:46.0389 0x1604  diagnosticshub.standardcollector.service - ok
20:49:46.0389 0x1604  DiagTrack - ok
20:49:46.0389 0x1604  disk - ok
20:49:46.0389 0x1604  DmEnrollmentSvc - ok
20:49:46.0389 0x1604  dmvsc - ok
20:49:46.0389 0x1604  dmwappushservice - ok
20:49:46.0405 0x1604  Dnscache - ok
20:49:46.0405 0x1604  dot3svc - ok
20:49:46.0405 0x1604  DPS - ok
20:49:46.0405 0x1604  drmkaud - ok
20:49:46.0405 0x1604  DsmSvc - ok
20:49:46.0405 0x1604  DsSvc - ok
20:49:46.0420 0x1604  [ 1C894CE2570E8ACB2E5791D24E75BD7B, 1273DA3C9496A24279642E12B1BBE3C271DA0602BDE57AD168B1FEFCB343E4FF ] DTSAudioService C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
20:49:46.0420 0x1604  DTSAudioService - ok
20:49:46.0436 0x1604  DXGKrnl - ok
20:49:46.0436 0x1604  e1iexpress - ok
20:49:46.0436 0x1604  Eaphost - ok
20:49:46.0436 0x1604  ebdrv - ok
20:49:46.0436 0x1604  EFS - ok
20:49:46.0436 0x1604  EhStorClass - ok
20:49:46.0436 0x1604  EhStorTcgDrv - ok
20:49:46.0451 0x1604  [ A05FC7ECA0966EBB70E4D17B855A853B, 16A0C8138A3BBD8BE2658261131F9777940CFB1431018A10710E5C1A88AB70EA ] ElbyCDIO        C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
20:49:46.0451 0x1604  ElbyCDIO - ok
20:49:46.0451 0x1604  embeddedmode - ok
20:49:46.0451 0x1604  EntAppSvc - ok
20:49:46.0451 0x1604  ErrDev - ok
20:49:46.0467 0x1604  EventSystem - ok
20:49:46.0467 0x1604  exfat - ok
20:49:46.0483 0x1604  [ 4DB4B4F470FBFC974E647B6A9A27D576, CAE4BEF5BCEE4CA0D107D1868F7001D60D959E985941748762A98B9FA6140808 ] EyeTV Netstream C:\Program Files (x86)\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe
20:49:46.0483 0x1604  EyeTV Netstream - ok
20:49:46.0498 0x1604  [ 827B751004EECA17DED6E4E505D6E4DC, A85B1919A5AE2FD9F5A40DAEDB93CD521333A5673A6BAA5FE22E92D2B35D0544 ] EyeTV_Sat_Free  C:\WINDOWS\system32\DRIVERS\EyeTV_Sat_Free.sys
20:49:46.0498 0x1604  EyeTV_Sat_Free - ok
20:49:46.0498 0x1604  fastfat - ok
20:49:46.0514 0x1604  Fax - ok
20:49:46.0514 0x1604  fdc - ok
20:49:46.0514 0x1604  fdPHost - ok
20:49:46.0514 0x1604  FDResPub - ok
20:49:46.0514 0x1604  fhsvc - ok
20:49:46.0514 0x1604  FileCrypt - ok
20:49:46.0514 0x1604  FileInfo - ok
20:49:46.0514 0x1604  Filetrace - ok
20:49:46.0530 0x1604  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:49:46.0545 0x1604  FLEXnet Licensing Service - ok
20:49:46.0576 0x1604  [ 1C3FB052A0BB72EDAED90785C34D6EED, 5300A82D1A79EBA1768F545E73974E3B8CE189AB39CDF905BF42AFA2E497186B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:49:46.0592 0x1604  FLEXnet Licensing Service 64 - ok
20:49:46.0592 0x1604  flpydisk - ok
20:49:46.0608 0x1604  FltMgr - ok
20:49:46.0608 0x1604  FontCache - ok
20:49:46.0608 0x1604  FontCache3.0.0.0 - ok
20:49:46.0608 0x1604  FsDepends - ok
20:49:46.0608 0x1604  Fs_Rec - ok
20:49:46.0608 0x1604  fvevol - ok
20:49:46.0608 0x1604  gagp30kx - ok
20:49:46.0623 0x1604  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:49:46.0623 0x1604  GEARAspiWDM - ok
20:49:46.0623 0x1604  gencounter - ok
20:49:46.0623 0x1604  genericusbfn - ok
20:49:46.0623 0x1604  GPIOClx0101 - ok
20:49:46.0639 0x1604  gpsvc - ok
20:49:46.0639 0x1604  GpuEnergyDrv - ok
20:49:46.0639 0x1604  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:46.0639 0x1604  gupdate - ok
20:49:46.0655 0x1604  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:46.0655 0x1604  gupdatem - ok
20:49:46.0655 0x1604  HdAudAddService - ok
20:49:46.0655 0x1604  HDAudBus - ok
20:49:46.0670 0x1604  HidBatt - ok
20:49:46.0670 0x1604  HidBth - ok
20:49:46.0670 0x1604  hidi2c - ok
20:49:46.0670 0x1604  hidinterrupt - ok
20:49:46.0670 0x1604  HidIr - ok
20:49:46.0670 0x1604  hidserv - ok
20:49:46.0670 0x1604  HidUsb - ok
20:49:46.0686 0x1604  HomeGroupListener - ok
20:49:46.0686 0x1604  HomeGroupProvider - ok
20:49:46.0686 0x1604  HpSAMD - ok
20:49:46.0686 0x1604  HTTP - ok
20:49:46.0686 0x1604  hwpolicy - ok
20:49:46.0686 0x1604  hyperkbd - ok
20:49:46.0686 0x1604  HyperVideo - ok
20:49:46.0686 0x1604  i8042prt - ok
20:49:46.0701 0x1604  iaLPSSi_GPIO - ok
20:49:46.0701 0x1604  iaLPSSi_I2C - ok
20:49:46.0701 0x1604  iaStorAV - ok
20:49:46.0701 0x1604  [ E79A8E33BD136D14BAE1FA20EB2EF124, 54AD784570282FEF21021BE76C57EE878EC6FF6423CE2FFC3A4372AF6C3112D4 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:49:46.0701 0x1604  IAStorDataMgrSvc - ok
20:49:46.0717 0x1604  iaStorV - ok
20:49:46.0717 0x1604  ibbus - ok
20:49:46.0717 0x1604  icssvc - ok
20:49:46.0717 0x1604  IEEtwCollectorService - ok
20:49:46.0811 0x1604  [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
20:49:46.0920 0x1604  igfx - ok
20:49:46.0936 0x1604  [ 51516252DBBFED36F70B341DBA263167, 69F19C877AA64ABE9ADDE21CD9E3DE5E5F2E924A59217D3F0A558CF38CF1EDFD ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
20:49:46.0936 0x1604  IJPLMSVC - detected UnsignedFile.Multi.Generic ( 1 )
20:49:49.0498 0x1604  Detect skipped due to KSN trusted
20:49:49.0498 0x1604  IJPLMSVC - ok
20:49:49.0514 0x1604  IKEEXT - ok
20:49:49.0592 0x1604  [ CFF7673A716876C03AED20B2000EF0A6, 4FCE213852801DB1E5C43BD165D591A0F69DB1DFB320F8BBE7C1FF04CAEE4111 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:49:49.0670 0x1604  IntcAzAudAddService - ok
20:49:49.0670 0x1604  intelide - ok
20:49:49.0670 0x1604  intelpep - ok
20:49:49.0670 0x1604  intelppm - ok
20:49:49.0686 0x1604  IoQos - ok
20:49:49.0686 0x1604  IpFilterDriver - ok
20:49:49.0686 0x1604  iphlpsvc - ok
20:49:49.0686 0x1604  IPMIDRV - ok
20:49:49.0686 0x1604  IPNAT - ok
20:49:49.0702 0x1604  [ 043A93A498B3C4A88CACA3BCBC9B54C7, C08C5A03940806C6CB75ADDCBE6183145AD2AFE84D77BC85E620E7C1542F0893 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:49:49.0717 0x1604  iPod Service - ok
20:49:49.0717 0x1604  IRENUM - ok
20:49:49.0717 0x1604  isapnp - ok
20:49:49.0717 0x1604  iScsiPrt - ok
20:49:49.0733 0x1604  [ 79A55E8907F34AB569029505418C35EF, 2B97AD5800AD3F4467D30DC2F3E4A1614570D267231FBBD7C0251A2DC73402EF ] JRAID           C:\WINDOWS\system32\drivers\jraid.sys
20:49:49.0733 0x1604  JRAID - ok
20:49:49.0733 0x1604  kbdclass - ok
20:49:49.0733 0x1604  kbdhid - ok
20:49:49.0748 0x1604  kdnic - ok
20:49:49.0748 0x1604  KeyIso - ok
20:49:49.0748 0x1604  KSecDD - ok
20:49:49.0748 0x1604  KSecPkg - ok
20:49:49.0748 0x1604  ksthunk - ok
20:49:49.0748 0x1604  KtmRm - ok
20:49:49.0748 0x1604  LanmanServer - ok
20:49:49.0764 0x1604  LanmanWorkstation - ok
20:49:49.0764 0x1604  lfsvc - ok
20:49:49.0764 0x1604  LicenseManager - ok
20:49:49.0764 0x1604  lltdio - ok
20:49:49.0764 0x1604  lltdsvc - ok
20:49:49.0764 0x1604  lmhosts - ok
20:49:49.0764 0x1604  LSI_SAS - ok
20:49:49.0780 0x1604  LSI_SAS2i - ok
20:49:49.0780 0x1604  LSI_SAS3i - ok
20:49:49.0780 0x1604  LSI_SSS - ok
20:49:49.0780 0x1604  LSM - ok
20:49:49.0780 0x1604  luafv - ok
20:49:49.0780 0x1604  MapsBroker - ok
20:49:49.0780 0x1604  megasas - ok
20:49:49.0795 0x1604  megasr - ok
20:49:49.0795 0x1604  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
20:49:49.0795 0x1604  MEIx64 - ok
20:49:49.0795 0x1604  mlx4_bus - ok
20:49:49.0795 0x1604  MMCSS - ok
20:49:49.0811 0x1604  Modem - ok
20:49:49.0811 0x1604  monitor - ok
20:49:49.0811 0x1604  mouclass - ok
20:49:49.0811 0x1604  mouhid - ok
20:49:49.0811 0x1604  mountmgr - ok
20:49:49.0811 0x1604  [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:49:49.0827 0x1604  MozillaMaintenance - ok
20:49:49.0827 0x1604  mpsdrv - ok
20:49:49.0827 0x1604  MpsSvc - ok
20:49:49.0827 0x1604  MQAC - ok
20:49:49.0842 0x1604  MRxDAV - ok
20:49:49.0842 0x1604  mrxsmb - ok
20:49:49.0842 0x1604  mrxsmb10 - ok
20:49:49.0842 0x1604  mrxsmb20 - ok
20:49:49.0842 0x1604  MsBridge - ok
20:49:49.0842 0x1604  MSDTC - ok
20:49:49.0842 0x1604  Msfs - ok
20:49:49.0858 0x1604  msgpiowin32 - ok
20:49:49.0858 0x1604  mshidkmdf - ok
20:49:49.0858 0x1604  mshidumdf - ok
20:49:49.0858 0x1604  msisadrv - ok
20:49:49.0858 0x1604  MSiSCSI - ok
20:49:49.0858 0x1604  msiserver - ok
20:49:49.0858 0x1604  MSKSSRV - ok
20:49:49.0873 0x1604  MsLldp - ok
20:49:49.0873 0x1604  MSMQ - ok
20:49:49.0873 0x1604  MSPCLOCK - ok
20:49:49.0873 0x1604  MSPQM - ok
20:49:49.0873 0x1604  MsRPC - ok
20:49:49.0873 0x1604  mssmbios - ok
20:49:49.0873 0x1604  MSTEE - ok
20:49:49.0889 0x1604  MTConfig - ok
20:49:49.0889 0x1604  Mup - ok
20:49:49.0889 0x1604  [ 64E2336100283CB4054EB174E195ACEC, 666C5189A920FDB30D209ECB856D875F4752D1B70C666E831D538DE6EB380332 ] mv61xx          C:\WINDOWS\system32\drivers\mv61xx.sys
20:49:49.0905 0x1604  mv61xx - ok
20:49:49.0905 0x1604  [ A986DC81534582FA478C286E8F57A877, E4605C0F95474C9CEB7630A1DB4D62D810A4D4797FFFAC2D175693DA5C76DEC5 ] mvs91xx         C:\WINDOWS\system32\drivers\mvs91xx.sys
20:49:49.0920 0x1604  mvs91xx - ok
20:49:49.0920 0x1604  mvumis - ok
20:49:49.0920 0x1604  NativeWifiP - ok
20:49:49.0920 0x1604  NcaSvc - ok
20:49:49.0936 0x1604  NcbService - ok
20:49:49.0936 0x1604  NcdAutoSetup - ok
20:49:49.0936 0x1604  ndfltr - ok
20:49:49.0936 0x1604  NDIS - ok
20:49:49.0936 0x1604  NdisCap - ok
20:49:49.0936 0x1604  NdisImPlatform - ok
20:49:49.0936 0x1604  NdisTapi - ok
20:49:49.0936 0x1604  Ndisuio - ok
20:49:49.0952 0x1604  NdisVirtualBus - ok
20:49:49.0952 0x1604  NdisWan - ok
20:49:49.0952 0x1604  ndiswanlegacy - ok
20:49:49.0952 0x1604  ndproxy - ok
20:49:49.0952 0x1604  Ndu - ok
20:49:49.0952 0x1604  NetBIOS - ok
20:49:49.0967 0x1604  NetBT - ok
20:49:49.0967 0x1604  Netlogon - ok
20:49:49.0967 0x1604  Netman - ok
20:49:49.0967 0x1604  NetMsmqActivator - ok
20:49:49.0967 0x1604  NetPipeActivator - ok
20:49:49.0967 0x1604  netprofm - ok
20:49:49.0967 0x1604  NetSetupSvc - ok
20:49:49.0983 0x1604  NetTcpActivator - ok
20:49:49.0983 0x1604  NetTcpPortSharing - ok
20:49:49.0983 0x1604  netvsc - ok
20:49:49.0983 0x1604  NgcCtnrSvc - ok
20:49:49.0983 0x1604  NgcSvc - ok
20:49:49.0983 0x1604  NlaSvc - ok
20:49:49.0983 0x1604  Npfs - ok
20:49:49.0999 0x1604  npsvctrig - ok
20:49:49.0999 0x1604  nsi - ok
20:49:49.0999 0x1604  nsiproxy - ok
20:49:49.0999 0x1604  NTFS - ok
20:49:49.0999 0x1604  Null - ok
20:49:50.0014 0x1604  [ 598E707D7053535D2BCD9F7779D15AB7, A8709F1123758D73C9C616003F7502CCE485A6DD23EF82B211AA7AE4FCC3C314 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
20:49:50.0014 0x1604  NVHDA - ok
20:49:50.0186 0x1604  [ 1BAA8D6913574F87F5983294A076631D, 9B6D4E9E8DECC6A2D788ED1CF629A0713708BB3788B4AC43902B8B5E180166C8 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
20:49:50.0374 0x1604  nvlddmkm - ok
20:49:50.0389 0x1604  nvraid - ok
20:49:50.0389 0x1604  nvstor - ok
20:49:50.0405 0x1604  [ 90566025EFD5BA4005A5C9A2773B230B, 9075981E7020250E38D25C046E39C69B252B46888A9F6F749FF50FB442907E37 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
20:49:50.0436 0x1604  nvsvc - ok
20:49:50.0467 0x1604  [ 4789E020D2617046862D1790FC235FF6, FCFD56DF2CADA830E7B2D4B91D5A9D2FE783B1396CBA124000765168FA5B6574 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:49:50.0483 0x1604  nvUpdatusService - ok
20:49:50.0499 0x1604  nv_agp - ok
20:49:50.0499 0x1604  OneSyncSvc - ok
20:49:50.0499 0x1604  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:50.0514 0x1604  ose - ok
20:49:50.0608 0x1604  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:49:50.0686 0x1604  osppsvc - ok
20:49:50.0702 0x1604  p2pimsvc - ok
20:49:50.0702 0x1604  p2psvc - ok
20:49:50.0702 0x1604  Parport - ok
20:49:50.0702 0x1604  partmgr - ok
20:49:50.0702 0x1604  PcaSvc - ok
20:49:50.0717 0x1604  pci - ok
20:49:50.0717 0x1604  pciide - ok
20:49:50.0717 0x1604  pcmcia - ok
20:49:50.0717 0x1604  pcw - ok
20:49:50.0717 0x1604  pdc - ok
20:49:50.0717 0x1604  PEAUTH - ok
20:49:50.0717 0x1604  PeerDistSvc - ok
20:49:50.0733 0x1604  percsas2i - ok
20:49:50.0733 0x1604  percsas3i - ok
20:49:50.0749 0x1604  PerfHost - ok
20:49:50.0749 0x1604  PimIndexMaintenanceSvc - ok
20:49:50.0749 0x1604  pla - ok
20:49:50.0764 0x1604  PlugPlay - ok
20:49:50.0764 0x1604  PNRPAutoReg - ok
20:49:50.0764 0x1604  PNRPsvc - ok
20:49:50.0764 0x1604  PolicyAgent - ok
20:49:50.0764 0x1604  Power - ok
20:49:50.0764 0x1604  PptpMiniport - ok
20:49:50.0780 0x1604  PrintNotify - ok
20:49:50.0780 0x1604  Processor - ok
20:49:50.0780 0x1604  ProfSvc - ok
20:49:50.0780 0x1604  Psched - ok
20:49:50.0795 0x1604  QWAVE - ok
20:49:50.0795 0x1604  QWAVEdrv - ok
20:49:50.0795 0x1604  RasAcd - ok
20:49:50.0795 0x1604  RasAgileVpn - ok
20:49:50.0795 0x1604  RasAuto - ok
20:49:50.0795 0x1604  Rasl2tp - ok
20:49:50.0795 0x1604  RasMan - ok
20:49:50.0795 0x1604  RasPppoe - ok
20:49:50.0811 0x1604  RasSstp - ok
20:49:50.0811 0x1604  rdbss - ok
20:49:50.0811 0x1604  rdpbus - ok
20:49:50.0811 0x1604  RDPDR - ok
20:49:50.0811 0x1604  RdpVideoMiniport - ok
20:49:50.0827 0x1604  rdyboost - ok
20:49:50.0827 0x1604  ReFSv1 - ok
20:49:50.0827 0x1604  RemoteAccess - ok
20:49:50.0827 0x1604  RemoteRegistry - ok
20:49:50.0827 0x1604  RetailDemo - ok
20:49:50.0827 0x1604  RFCOMM - ok
20:49:50.0827 0x1604  RpcEptMapper - ok
20:49:50.0842 0x1604  RpcLocator - ok
20:49:50.0842 0x1604  RpcSs - ok
20:49:50.0842 0x1604  rspndr - ok
20:49:50.0842 0x1604  rt640x64 - ok
20:49:50.0842 0x1604  s3cap - ok
20:49:50.0842 0x1604  SamSs - ok
20:49:50.0842 0x1604  sbp2port - ok
20:49:50.0842 0x1604  SCardSvr - ok
20:49:50.0858 0x1604  ScDeviceEnum - ok
20:49:50.0858 0x1604  scfilter - ok
20:49:50.0858 0x1604  Schedule - ok
20:49:50.0858 0x1604  SCPolicySvc - ok
20:49:50.0858 0x1604  sdbus - ok
20:49:50.0858 0x1604  SDRSVC - ok
20:49:50.0858 0x1604  sdstor - ok
20:49:50.0874 0x1604  seclogon - ok
20:49:50.0874 0x1604  SENS - ok
20:49:50.0874 0x1604  SensorDataService - ok
20:49:50.0874 0x1604  SensorService - ok
20:49:50.0874 0x1604  SensrSvc - ok
20:49:50.0874 0x1604  SerCx - ok
20:49:50.0874 0x1604  SerCx2 - ok
20:49:50.0874 0x1604  Serenum - ok
20:49:50.0889 0x1604  Serial - ok
20:49:50.0889 0x1604  sermouse - ok
20:49:50.0889 0x1604  SessionEnv - ok
20:49:50.0889 0x1604  sfloppy - ok
20:49:50.0889 0x1604  SharedAccess - ok
20:49:50.0905 0x1604  ShellHWDetection - ok
20:49:50.0905 0x1604  SiSRaid2 - ok
20:49:50.0905 0x1604  SiSRaid4 - ok
20:49:50.0905 0x1604  smphost - ok
20:49:50.0905 0x1604  SmsRouter - ok
20:49:50.0920 0x1604  SNMPTRAP - ok
20:49:50.0920 0x1604  spaceport - ok
20:49:50.0920 0x1604  SpbCx - ok
20:49:50.0920 0x1604  Spooler - ok
20:49:50.0920 0x1604  sppsvc - ok
20:49:50.0920 0x1604  srv - ok
20:49:50.0920 0x1604  srv2 - ok
20:49:50.0920 0x1604  srvnet - ok
20:49:50.0936 0x1604  SSDPSRV - ok
20:49:50.0936 0x1604  SstpSvc - ok
20:49:50.0936 0x1604  StateRepository - ok
20:49:50.0952 0x1604  [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:49:50.0952 0x1604  Stereo Service - ok
20:49:50.0967 0x1604  stexstor - ok
20:49:50.0967 0x1604  [ 7C4D2F167FA6153B4FE7145FE6D3DF15, F39ED9CDF323DDC57D0F64F9CC121E911EA53819A3A941A2F6EA557C35FCB372 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
20:49:50.0983 0x1604  StillCam - ok
20:49:50.0983 0x1604  stisvc - ok
20:49:50.0983 0x1604  storahci - ok
20:49:50.0983 0x1604  storflt - ok
20:49:50.0983 0x1604  stornvme - ok
20:49:50.0983 0x1604  storqosflt - ok
20:49:50.0983 0x1604  StorSvc - ok
20:49:50.0999 0x1604  storufs - ok
20:49:50.0999 0x1604  storvsc - ok
20:49:50.0999 0x1604  svsvc - ok
20:49:51.0014 0x1604  swenum - ok
20:49:51.0014 0x1604  swprv - ok
20:49:51.0014 0x1604  Synth3dVsc - ok
20:49:51.0014 0x1604  SysMain - ok
20:49:51.0014 0x1604  SystemEventsBroker - ok
20:49:51.0014 0x1604  TabletInputService - ok
20:49:51.0030 0x1604  TapiSrv - ok
20:49:51.0030 0x1604  Tcpip - ok
20:49:51.0030 0x1604  Tcpip6 - ok
20:49:51.0030 0x1604  tcpipreg - ok
20:49:51.0030 0x1604  tdx - ok
20:49:51.0030 0x1604  terminpt - ok
20:49:51.0045 0x1604  TermService - ok
20:49:51.0045 0x1604  Themes - ok
20:49:51.0045 0x1604  tiledatamodelsvc - ok
20:49:51.0045 0x1604  TimeBroker - ok
20:49:51.0045 0x1604  TPM - ok
20:49:51.0045 0x1604  TrkWks - ok
20:49:51.0045 0x1604  TrustedInstaller - ok
20:49:51.0061 0x1604  TsUsbFlt - ok
20:49:51.0061 0x1604  TsUsbGD - ok
20:49:51.0061 0x1604  tunnel - ok
20:49:51.0061 0x1604  uagp35 - ok
20:49:51.0061 0x1604  UASPStor - ok
20:49:51.0061 0x1604  UcmCx0101 - ok
20:49:51.0061 0x1604  UcmUcsi - ok
20:49:51.0061 0x1604  Ucx01000 - ok
20:49:51.0077 0x1604  UdeCx - ok
20:49:51.0077 0x1604  udfs - ok
20:49:51.0077 0x1604  UEFI - ok
20:49:51.0077 0x1604  Ufx01000 - ok
20:49:51.0077 0x1604  UfxChipidea - ok
20:49:51.0077 0x1604  ufxsynopsys - ok
20:49:51.0092 0x1604  UI0Detect - ok
20:49:51.0092 0x1604  uliagpkx - ok
20:49:51.0092 0x1604  umbus - ok
20:49:51.0092 0x1604  UmPass - ok
20:49:51.0092 0x1604  UmRdpService - ok
20:49:51.0092 0x1604  UnistoreSvc - ok
20:49:51.0092 0x1604  upnphost - ok
20:49:51.0108 0x1604  UrsChipidea - ok
20:49:51.0108 0x1604  UrsCx01000 - ok
20:49:51.0108 0x1604  UrsSynopsys - ok
20:49:51.0108 0x1604  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
20:49:51.0124 0x1604  USBAAPL64 - ok
20:49:51.0124 0x1604  usbccgp - ok
20:49:51.0124 0x1604  usbcir - ok
20:49:51.0124 0x1604  usbehci - ok
20:49:51.0124 0x1604  usbhub - ok
20:49:51.0139 0x1604  USBHUB3 - ok
20:49:51.0139 0x1604  usbohci - ok
20:49:51.0139 0x1604  usbprint - ok
20:49:51.0139 0x1604  [ 923CA145CD0A9DFBA4CBBA60AB684C2C, EFAA1E730802490E9A53718D70484832A38345FE0A670937FC546FD245DF2CC9 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:49:51.0155 0x1604  usbscan - ok
20:49:51.0155 0x1604  usbser - ok
20:49:51.0155 0x1604  USBSTOR - ok
20:49:51.0155 0x1604  usbuhci - ok
20:49:51.0170 0x1604  USBXHCI - ok
20:49:51.0170 0x1604  UserDataSvc - ok
20:49:51.0170 0x1604  UserManager - ok
20:49:51.0170 0x1604  UsoSvc - ok
20:49:51.0170 0x1604  VaultSvc - ok
20:49:51.0170 0x1604  [ FD911873C0BB6945FA38C16E9A2B58F9, EF8C833321449A6E8B671890F2EBC82ABC276B890D274AADDB626D763EE98964 ] VClone          C:\WINDOWS\System32\drivers\VClone.sys
20:49:51.0186 0x1604  VClone - ok
20:49:51.0186 0x1604  vdrvroot - ok
20:49:51.0186 0x1604  vds - ok
20:49:51.0186 0x1604  VerifierExt - ok
20:49:51.0186 0x1604  vhdmp - ok
20:49:51.0202 0x1604  vhf - ok
20:49:51.0202 0x1604  vmbus - ok
20:49:51.0202 0x1604  VMBusHID - ok
20:49:51.0202 0x1604  vmicguestinterface - ok
20:49:51.0202 0x1604  vmicheartbeat - ok
20:49:51.0202 0x1604  vmickvpexchange - ok
20:49:51.0202 0x1604  vmicrdv - ok
20:49:51.0217 0x1604  vmicshutdown - ok
20:49:51.0217 0x1604  vmictimesync - ok
20:49:51.0217 0x1604  vmicvmsession - ok
20:49:51.0217 0x1604  vmicvss - ok
20:49:51.0217 0x1604  volmgr - ok
20:49:51.0217 0x1604  volmgrx - ok
20:49:51.0217 0x1604  volsnap - ok
20:49:51.0217 0x1604  vpci - ok
20:49:51.0233 0x1604  vsmraid - ok
20:49:51.0233 0x1604  VSS - ok
20:49:51.0233 0x1604  VSTXRAID - ok
20:49:51.0233 0x1604  vwifibus - ok
20:49:51.0233 0x1604  vwififlt - ok
20:49:51.0233 0x1604  W32Time - ok
20:49:51.0233 0x1604  w3logsvc - ok
20:49:51.0249 0x1604  W3SVC - ok
20:49:51.0249 0x1604  WacomPen - ok
20:49:51.0249 0x1604  WalletService - ok
20:49:51.0249 0x1604  wanarp - ok
20:49:51.0249 0x1604  wanarpv6 - ok
20:49:51.0249 0x1604  WAS - ok
20:49:51.0249 0x1604  wbengine - ok
20:49:51.0264 0x1604  WbioSrvc - ok
20:49:51.0264 0x1604  Wcmsvc - ok
20:49:51.0264 0x1604  wcncsvc - ok
20:49:51.0264 0x1604  WcsPlugInService - ok
20:49:51.0264 0x1604  WdBoot - ok
20:49:51.0264 0x1604  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam64.sys
20:49:51.0280 0x1604  WDC_SAM - detected UnsignedFile.Multi.Generic ( 1 )
20:49:53.0858 0x1604  Detect skipped due to KSN trusted
20:49:53.0858 0x1604  WDC_SAM - ok
20:49:53.0858 0x1604  Wdf01000 - ok
20:49:53.0858 0x1604  WdFilter - ok
20:49:53.0874 0x1604  WdiServiceHost - ok
20:49:53.0874 0x1604  WdiSystemHost - ok
20:49:53.0874 0x1604  wdiwifi - ok
20:49:53.0874 0x1604  WdNisDrv - ok
20:49:53.0874 0x1604  WdNisSvc - ok
20:49:53.0874 0x1604  WebClient - ok
20:49:53.0889 0x1604  Wecsvc - ok
20:49:53.0889 0x1604  WEPHOSTSVC - ok
20:49:53.0889 0x1604  wercplsupport - ok
20:49:53.0889 0x1604  WerSvc - ok
20:49:53.0889 0x1604  wfpcapture - ok
20:49:53.0889 0x1604  WFPLWFS - ok
20:49:53.0889 0x1604  WiaRpc - ok
20:49:53.0905 0x1604  WIMMount - ok
20:49:53.0905 0x1604  WinDefend - ok
20:49:53.0905 0x1604  WindowsTrustedRT - ok
20:49:53.0905 0x1604  WindowsTrustedRTProxy - ok
20:49:53.0905 0x1604  WinHttpAutoProxySvc - ok
20:49:53.0905 0x1604  WinMad - ok
20:49:53.0921 0x1604  Winmgmt - ok
20:49:53.0921 0x1604  WinRM - ok
20:49:53.0921 0x1604  WINUSB - ok
20:49:53.0921 0x1604  WinVerbs - ok
20:49:53.0921 0x1604  WlanSvc - ok
20:49:53.0936 0x1604  wlidsvc - ok
20:49:53.0936 0x1604  WmiAcpi - ok
20:49:53.0936 0x1604  wmiApSrv - ok
20:49:53.0936 0x1604  WMPNetworkSvc - ok
20:49:53.0936 0x1604  [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:49:53.0952 0x1604  Wof - ok
20:49:53.0952 0x1604  workfolderssvc - ok
20:49:53.0968 0x1604  wpcfltr - ok
20:49:53.0968 0x1604  WPDBusEnum - ok
20:49:53.0968 0x1604  WpdUpFltr - ok
20:49:53.0968 0x1604  WpnService - ok
20:49:53.0968 0x1604  ws2ifsl - ok
20:49:53.0968 0x1604  wscsvc - ok
20:49:53.0983 0x1604  WSDPrintDevice - ok
20:49:53.0983 0x1604  WSDScan - ok
20:49:53.0983 0x1604  WSearch - ok
20:49:53.0983 0x1604  WSService - ok
20:49:53.0983 0x1604  wuauserv - ok
20:49:53.0983 0x1604  WudfPf - ok
20:49:53.0983 0x1604  WUDFRd - ok
20:49:53.0999 0x1604  wudfsvc - ok
20:49:53.0999 0x1604  WUDFWpdFs - ok
20:49:53.0999 0x1604  WUDFWpdMtp - ok
20:49:53.0999 0x1604  WwanSvc - ok
20:49:53.0999 0x1604  XblAuthManager - ok
20:49:53.0999 0x1604  XblGameSave - ok
20:49:53.0999 0x1604  xboxgip - ok
20:49:54.0014 0x1604  XboxNetApiSvc - ok
20:49:54.0014 0x1604  xinputhid - ok
20:49:54.0014 0x1604  ================ Scan global ===============================
20:49:54.0014 0x1604  [ Global ] - ok
20:49:54.0014 0x1604  ================ Scan MBR ==================================
20:49:54.0030 0x1604  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:49:54.0077 0x1604  \Device\Harddisk1\DR1 - ok
20:49:54.0093 0x1604  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:49:54.0139 0x1604  \Device\Harddisk0\DR0 - ok
20:49:54.0139 0x1604  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk3\DR6
20:49:56.0436 0x08a8  Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
20:49:59.0046 0x08a8  Object send P2P result: true
20:50:09.0328 0x1604  \Device\Harddisk3\DR6 - ok
20:50:09.0328 0x1604  ================ Scan VBR ==================================
20:50:09.0328 0x1604  [ 973DDF31079870D593DC55370A3CB556 ] \Device\Harddisk1\DR1\Partition1
20:50:09.0391 0x1604  \Device\Harddisk1\DR1\Partition1 - ok
20:50:09.0391 0x1604  [ EBBC691C6069DC9B364010CF52A544AD ] \Device\Harddisk0\DR0\Partition1
20:50:09.0391 0x1604  \Device\Harddisk0\DR0\Partition1 - ok
20:50:09.0406 0x1604  [ 1AB3A1643810DD57038726C815B7C13E ] \Device\Harddisk0\DR0\Partition2
20:50:09.0406 0x1604  \Device\Harddisk0\DR0\Partition2 - ok
20:50:09.0406 0x1604  [ DDE13821C97AA8CDAE7690EC527D80CE ] \Device\Harddisk3\DR6\Partition1
20:50:09.0406 0x1604  \Device\Harddisk3\DR6\Partition1 - ok
20:50:09.0406 0x1604  ================ Scan generic autorun ======================
20:50:09.0406 0x1604  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
20:50:09.0422 0x1604  IgfxTray - ok
20:50:09.0438 0x1604  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
20:50:09.0453 0x1604  HotKeysCmds - ok
20:50:09.0453 0x1604  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
20:50:09.0469 0x1604  Persistence - ok
20:50:09.0469 0x1604  AtherosBtStack - ok
20:50:09.0484 0x1604  [ A1D17BD52F1A2E387EEE1C6543AC2671, AC33526CD009790C2EC229F1F87C8B7BDCEF12A281953CC92B124014B00361B1 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
20:50:09.0500 0x1604  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
20:50:12.0063 0x1604  Detect skipped due to KSN trusted
20:50:12.0063 0x1604  AthBtTray - ok
20:50:12.0125 0x1604  [ C902E1F9ADE0A77B4AA6BB124A9589C8, EA4F9B234780241248AE3AB791A0DBD44B8C96F75A44C9B6856B4E94068B2C47 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
20:50:12.0172 0x1604  CanonMyPrinter - ok
20:50:12.0313 0x1604  [ 7B9FC09115322E2F781B80592CF24CE4, 4CA9565667695E940A48CD08675F25969485491FBABF4073D7A181C1C4AD33A1 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:50:12.0469 0x1604  RTHDVCPL - ok
20:50:12.0500 0x1604  [ 4FE3D28F99BCA7976C04E7985BAE7BC2, 3371734E66FB55F4E9883D7DEAE9429938724D8B576726298E524F3787E180F1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:50:12.0532 0x1604  RtHDVBg_DTS - ok
20:50:12.0532 0x1604  [ 1BF113E377E570DB915EE7D228E594D6, FF4D198D412CA21C49E0A3E6FE52EAD69786B305429095B5BD25CB4FAFD33B51 ] C:\Program Files\iTunes\iTunesHelper.exe
20:50:12.0547 0x1604  iTunesHelper - ok
20:50:12.0547 0x1604  [ F96C73D7D525174B80CFD865A5D7E083, 06E7ACA4B9496CF0505F623DC4516A893E7A70EA37EAB27EA943C8831D221F40 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
20:50:12.0563 0x1604  IAStorIcon - ok
20:50:12.0563 0x1604  [ FC77F245431D4DA5A9E2A53F3A14B162, 5D45F1AD5492703861873A38FE87F4B8EBBD2DEE3DCFB075D35A362212DF9B04 ] C:\Windows\RaidTool\xInsIDE.exe
20:50:12.0563 0x1604  JMB36X IDE Setup - ok
20:50:12.0563 0x1604  [ 9D51EA92A612B37E76E5E4621650C50A, 00BD61C8527A80C0F684882379A0AC2E5A54E8BBECC797087B960CDC8454C373 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
20:50:12.0579 0x1604  NUSB3MON - ok
20:50:12.0594 0x1604  [ A3A9E5888143F3DAB803B007393D791F, 42435F0AF4C942F4F05EB80B36188951A8BEAB3E50F67FCDB1FF8B52A04890C0 ] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
20:50:12.0610 0x1604  AdobeCS4ServiceManager - ok
20:50:12.0610 0x1604  [ AEB3E8A6308604C3490A36D06D6685DC, CAFAE7697261CDA6934E324FC45D893BB452F23A1196FECC6930B72FFA8A2738 ] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
20:50:12.0625 0x1604  Adobe Acrobat Speed Launcher - ok
20:50:12.0641 0x1604  [ B41D1BDB8673873AB25B7540E9B433F1, 846D9541C1260FB9425AF22C1753FD3C9F27D369DD43E51EBE5C8BBB02633E4A ] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
20:50:12.0641 0x1604  Acrobat Assistant 8.0 - ok
20:50:12.0657 0x1604  [ 5E5637173FDD195AD51F0C7223CA1D29, 4D2A3CFF3273F0074540F4AFD957742F76D3F01C35272A42985A825651BA17E4 ] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
20:50:12.0672 0x1604  Adobe_ID0ENQBO - ok
20:50:12.0688 0x1604  [ EE476C51FE76EAAA1496446B97ED7F5E, 1ECF454A38A6BDE5DD93AD3F09DCCBD36F748F23094F31FC2EB50A1FA7D9BED1 ] C:\Program Files (x86)\QNAP\NetBak\NetBak.exe
20:50:12.0704 0x1604  QNAP_NASNetBak - detected UnsignedFile.Multi.Generic ( 1 )
20:50:15.0266 0x1604  Detect skipped due to KSN trusted
20:50:15.0266 0x1604  QNAP_NASNetBak - ok
20:50:15.0282 0x1604  [ 9F3B239443E7AF5840454D8D3A0772CF, 82E135AA844B3170D030CE27259BF7BACBA1FA18670C10B74BD3F402CA9AD29E ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:50:15.0282 0x1604  APSDaemon - ok
20:50:15.0298 0x1604  [ 2A21FE60A9BC5247BD8C57409A2B97F8, 6C9851684FB90AB6038A326F4B362C1948DF2173063CA198DCEAEA6BFAC636E0 ] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
20:50:15.0298 0x1604  VirtualCloneDrive - ok
20:50:15.0313 0x1604  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
20:50:15.0344 0x1604  avgnt - ok
20:50:15.0344 0x1604  [ A8E69DA21AEEB9DAA55D90E87AC1A549, 175AF750A1DF53555D0CB6C61312CEE37E2CB182873041A8AE38C57EA01DC2F5 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
20:50:15.0344 0x1604  Avira SystrayStartTrigger - ok
20:50:15.0360 0x1604  [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:50:15.0376 0x1604  SunJavaUpdateSched - ok
20:50:15.0391 0x1604  [ 247FD3171B3E08CFCC8ACB540818CA15, 7F1195A40187C04CEE532B258421A3422AACA16BE54FD55F12966DC00FDBDCC4 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
20:50:15.0407 0x1604  IJNetworkScannerSelectorEX - ok
20:50:15.0423 0x1604  [ 363D0C08A159AE50E38F662E16483B50, 340010E6CF05B274D53730642B96F6A83045501D5E276A88D3AA7FB465B955E1 ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
20:50:15.0454 0x1604  CanonQuickMenu - ok
20:50:15.0469 0x1604  OneDriveSetup - ok
20:50:15.0469 0x1604  OneDriveSetup - ok
20:50:15.0501 0x1604  [ 406C301F96669A813B25FB1A20A188AB, 87587C0F90A96754EF067592B98E83690FDF62C2B6AAE44AF9CBBE54599A424A ] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
20:50:15.0563 0x1604  Remote Control Editor - detected UnsignedFile.Multi.Generic ( 1 )
20:50:18.0470 0x1604  Detect skipped due to KSN trusted
20:50:18.0470 0x1604  Remote Control Editor - ok
20:50:18.0501 0x1604  [ 33BFEC2B102B196B62ABB9947C7D7E23, 6EAF3462712629401CDBECF63B0848D1762A023FCA156F9FA146B0FEE75C83D0 ] C:\Users\Armin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
20:50:18.0517 0x1604  Dropbox Update - ok
20:50:18.0532 0x1604  [ 9F2ECA252720B25E8FEC1CAB2984B98D, 476EE2929901CD43F15869B763376393AA0942A3B934532055E037C6DCE3CD2D ] C:\Users\Armin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:50:18.0548 0x1604  OneDrive - ok
20:50:18.0548 0x1604  OneDriveSetup - ok
20:50:18.0548 0x1604  WAB Migrate - ok
20:50:18.0548 0x1604  OneDriveSetup - ok
20:50:18.0548 0x1604  WAB Migrate - ok
20:50:18.0548 0x1604  OneDriveSetup - ok
20:50:18.0548 0x1604  WAB Migrate - ok
20:50:18.0548 0x1604  OneDriveSetup - ok
20:50:18.0548 0x1604  Waiting for KSN requests completion. In queue: 23
20:50:19.0564 0x1604  Waiting for KSN requests completion. In queue: 23
20:50:20.0564 0x1604  Waiting for KSN requests completion. In queue: 23
20:50:21.0158 0x09fc  Object required for P2P: [ 7B9FC09115322E2F781B80592CF24CE4 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:50:21.0564 0x1604  Waiting for KSN requests completion. In queue: 19
20:50:22.0579 0x1604  Waiting for KSN requests completion. In queue: 19
20:50:23.0580 0x1604  Waiting for KSN requests completion. In queue: 19
20:50:23.0658 0x09fc  Object send P2P result: true
20:50:24.0595 0x1604  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
20:50:24.0611 0x1604  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x62100 ( disabled : updated )
20:50:24.0611 0x1604  Win FW state via NFP2: enabled ( trusted )
20:50:27.0111 0x1604  ============================================================
20:50:27.0111 0x1604  Scan finished
20:50:27.0111 0x1604  ============================================================
20:50:27.0111 0x1254  Detected object count: 0
20:50:27.0111 0x1254  Actual detected object count: 0
         
Thanks, Armin
__________________

22.11.2015, 06:32   #4
schrauber
/// the machine
/// TB instructor

Same set of log files from the next machine, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.11.2015, 09:43   #5
adressle

Morning,

on the next machine the virus scanner also found something and deleted something after a reboot:
Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 20. November 2015  19:21


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Armin
Computername   : T430

Versionsinformationen:
BUILD.DAT      : 15.0.13.210    92152 Bytes  05.10.2015 15:51:00
AVSCAN.EXE     : 15.0.13.202  1183208 Bytes  15.10.2015 11:22:11
AVSCANRC.DLL   : 15.0.13.158    67688 Bytes  15.10.2015 11:22:11
LUKE.DLL       : 15.0.13.190    69248 Bytes  15.10.2015 11:24:52
AVSCPLR.DLL    : 15.0.13.202   106352 Bytes  15.10.2015 11:22:11
REPAIR.DLL     : 15.0.13.193   517328 Bytes  15.10.2015 11:22:06
REPAIR.RDF     : 1.0.12.6     1282434 Bytes  16.11.2015 18:12:21
AVREG.DLL      : 15.0.13.193   339632 Bytes  15.10.2015 11:22:04
AVLODE.DLL     : 15.0.13.193   633688 Bytes  15.10.2015 11:21:55
AVLODE.RDF     : 14.0.5.6       84211 Bytes  31.08.2015 15:06:30
XBV00028.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00029.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00030.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00031.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00032.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00033.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00034.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00035.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:44
XBV00036.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00037.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00038.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00039.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00040.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00041.VDF   : 8.11.165.190     2048 Bytes  07.08.2014 08:35:45
XBV00247.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00248.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00249.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00250.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00251.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00252.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00253.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00254.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:43
XBV00255.VDF   : 8.12.21.126     2048 Bytes  27.10.2015 11:38:44
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:16:59
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 09:16:59
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 09:16:59
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 09:16:59
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 09:16:59
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 09:16:59
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 09:16:59
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 17:07:42
XBV00008.VDF   : 8.11.165.192  4251136 Bytes  07.08.2014 08:35:42
XBV00009.VDF   : 8.11.172.30  2094080 Bytes  15.09.2014 15:29:32
XBV00010.VDF   : 8.11.178.32  1581056 Bytes  14.10.2014 13:50:06
XBV00011.VDF   : 8.11.184.50  2178560 Bytes  11.11.2014 14:30:16
XBV00012.VDF   : 8.11.190.32  1876992 Bytes  03.12.2014 15:31:02
XBV00013.VDF   : 8.11.201.28  2973696 Bytes  14.01.2015 17:53:01
XBV00014.VDF   : 8.11.206.252  2695680 Bytes  04.02.2015 18:26:56
XBV00015.VDF   : 8.11.213.84  3175936 Bytes  03.03.2015 18:03:01
XBV00016.VDF   : 8.11.213.176   212480 Bytes  05.03.2015 17:58:09
XBV00017.VDF   : 8.11.219.166  2033664 Bytes  25.03.2015 17:54:55
XBV00018.VDF   : 8.11.225.88  2367488 Bytes  22.04.2015 11:09:17
XBV00019.VDF   : 8.11.230.186  1674752 Bytes  13.05.2015 19:38:55
XBV00020.VDF   : 8.11.237.30  4711936 Bytes  02.06.2015 11:52:10
XBV00021.VDF   : 8.11.243.12  2747904 Bytes  26.06.2015 13:56:31
XBV00022.VDF   : 8.11.248.172  2350592 Bytes  17.07.2015 08:45:51
XBV00023.VDF   : 8.11.254.112  2570752 Bytes  07.08.2015 12:46:45
XBV00024.VDF   : 8.12.3.6     2196480 Bytes  27.08.2015 13:18:43
XBV00025.VDF   : 8.12.8.238   1951232 Bytes  16.09.2015 16:26:25
XBV00026.VDF   : 8.12.16.180  2211328 Bytes  07.10.2015 09:37:26
XBV00027.VDF   : 8.12.21.126  2252288 Bytes  27.10.2015 11:37:24
XBV00042.VDF   : 8.12.21.128    20992 Bytes  27.10.2015 11:37:24
XBV00043.VDF   : 8.12.21.130    19456 Bytes  27.10.2015 11:37:25
XBV00044.VDF   : 8.12.21.132    30208 Bytes  28.10.2015 11:37:26
XBV00045.VDF   : 8.12.21.136    31744 Bytes  28.10.2015 11:37:28
XBV00046.VDF   : 8.12.21.138    18432 Bytes  28.10.2015 11:37:29
XBV00047.VDF   : 8.12.21.140     2048 Bytes  28.10.2015 11:37:29
XBV00048.VDF   : 8.12.21.170    35328 Bytes  28.10.2015 11:37:30
XBV00049.VDF   : 8.12.21.208     2048 Bytes  28.10.2015 10:00:37
XBV00050.VDF   : 8.12.21.210    23040 Bytes  28.10.2015 10:00:37
XBV00051.VDF   : 8.12.21.238    47616 Bytes  28.10.2015 10:00:38
XBV00052.VDF   : 8.12.22.10      2048 Bytes  28.10.2015 10:00:38
XBV00053.VDF   : 8.12.22.38     12288 Bytes  28.10.2015 10:00:38
XBV00054.VDF   : 8.12.22.40      2048 Bytes  28.10.2015 10:00:38
XBV00055.VDF   : 8.12.22.68     30720 Bytes  28.10.2015 10:00:39
XBV00056.VDF   : 8.12.22.70      2048 Bytes  28.10.2015 10:00:39
XBV00057.VDF   : 8.12.22.72      8704 Bytes  28.10.2015 10:00:39
XBV00058.VDF   : 8.12.22.74      2560 Bytes  28.10.2015 10:00:39
XBV00059.VDF   : 8.12.22.76      2048 Bytes  28.10.2015 10:00:39
XBV00060.VDF   : 8.12.22.80      4608 Bytes  29.10.2015 10:00:39
XBV00061.VDF   : 8.12.22.82      2048 Bytes  29.10.2015 10:00:39
XBV00062.VDF   : 8.12.22.84     14848 Bytes  29.10.2015 10:00:39
XBV00063.VDF   : 8.12.22.90     82432 Bytes  29.10.2015 10:00:40
XBV00064.VDF   : 8.12.22.92      2048 Bytes  29.10.2015 10:00:40
XBV00065.VDF   : 8.12.22.96     22528 Bytes  29.10.2015 10:00:41
XBV00066.VDF   : 8.12.22.98      2048 Bytes  29.10.2015 10:00:41
XBV00067.VDF   : 8.12.22.102    60928 Bytes  30.10.2015 10:00:41
XBV00068.VDF   : 8.12.22.126     9216 Bytes  30.10.2015 10:00:41
XBV00069.VDF   : 8.12.22.146     6656 Bytes  30.10.2015 10:00:42
XBV00070.VDF   : 8.12.22.166    25088 Bytes  30.10.2015 12:00:17
XBV00071.VDF   : 8.12.22.190    23552 Bytes  30.10.2015 11:50:08
XBV00072.VDF   : 8.12.22.192     2048 Bytes  30.10.2015 11:50:08
XBV00073.VDF   : 8.12.22.194     9216 Bytes  30.10.2015 11:50:08
XBV00074.VDF   : 8.12.22.196    11264 Bytes  30.10.2015 11:50:08
XBV00075.VDF   : 8.12.22.198    10752 Bytes  30.10.2015 11:50:09
XBV00076.VDF   : 8.12.22.200     2048 Bytes  30.10.2015 11:50:09
XBV00077.VDF   : 8.12.22.202    13824 Bytes  30.10.2015 11:50:09
XBV00078.VDF   : 8.12.22.204     8704 Bytes  30.10.2015 11:50:09
XBV00079.VDF   : 8.12.22.206    10240 Bytes  30.10.2015 11:50:09
XBV00080.VDF   : 8.12.22.208     8192 Bytes  30.10.2015 11:50:09
XBV00081.VDF   : 8.12.22.230    41472 Bytes  31.10.2015 11:50:10
XBV00082.VDF   : 8.12.22.250     2048 Bytes  31.10.2015 11:50:10
XBV00083.VDF   : 8.12.23.14      2048 Bytes  31.10.2015 11:50:10
XBV00084.VDF   : 8.12.23.34      9728 Bytes  31.10.2015 11:50:10
XBV00085.VDF   : 8.12.23.54      6144 Bytes  31.10.2015 11:50:10
XBV00086.VDF   : 8.12.23.74      7168 Bytes  31.10.2015 11:50:10
XBV00087.VDF   : 8.12.23.76      5632 Bytes  31.10.2015 11:50:11
XBV00088.VDF   : 8.12.23.78     41984 Bytes  01.11.2015 11:50:11
XBV00089.VDF   : 8.12.23.80      2048 Bytes  01.11.2015 11:50:11
XBV00090.VDF   : 8.12.23.102    16896 Bytes  01.11.2015 13:50:06
XBV00091.VDF   : 8.12.23.156    94720 Bytes  01.11.2015 11:33:26
XBV00092.VDF   : 8.12.23.176    41472 Bytes  02.11.2015 11:33:27
XBV00093.VDF   : 8.12.23.212     8704 Bytes  02.11.2015 11:33:27
XBV00094.VDF   : 8.12.23.230     5632 Bytes  02.11.2015 11:33:27
XBV00095.VDF   : 8.12.23.248     8192 Bytes  02.11.2015 11:33:27
XBV00096.VDF   : 8.12.24.10     11264 Bytes  02.11.2015 11:33:27
XBV00097.VDF   : 8.12.24.14     35328 Bytes  02.11.2015 19:02:26
XBV00098.VDF   : 8.12.24.16      2048 Bytes  02.11.2015 19:02:26
XBV00099.VDF   : 8.12.24.18     26624 Bytes  02.11.2015 19:02:26
XBV00100.VDF   : 8.12.24.20      2048 Bytes  02.11.2015 19:02:26
XBV00101.VDF   : 8.12.24.38     12288 Bytes  02.11.2015 19:02:27
XBV00102.VDF   : 8.12.24.54     11264 Bytes  03.11.2015 19:02:27
XBV00103.VDF   : 8.12.24.72     28672 Bytes  03.11.2015 19:02:27
XBV00104.VDF   : 8.12.24.88      9216 Bytes  03.11.2015 19:02:27
XBV00105.VDF   : 8.12.24.90      2048 Bytes  03.11.2015 19:02:27
XBV00106.VDF   : 8.12.24.92     24576 Bytes  03.11.2015 19:02:28
XBV00107.VDF   : 8.12.24.98     53248 Bytes  03.11.2015 10:58:29
XBV00108.VDF   : 8.12.24.114     9728 Bytes  03.11.2015 10:58:30
XBV00109.VDF   : 8.12.24.116     2048 Bytes  03.11.2015 10:58:30
XBV00110.VDF   : 8.12.24.132     7680 Bytes  03.11.2015 10:58:30
XBV00111.VDF   : 8.12.24.134     2048 Bytes  03.11.2015 10:58:30
XBV00112.VDF   : 8.12.24.150    32768 Bytes  04.11.2015 10:58:31
XBV00113.VDF   : 8.12.24.170    34816 Bytes  04.11.2015 10:58:31
XBV00114.VDF   : 8.12.24.186     2048 Bytes  04.11.2015 10:58:32
XBV00115.VDF   : 8.12.24.200    64512 Bytes  04.11.2015 10:58:32
XBV00116.VDF   : 8.12.24.214    10240 Bytes  04.11.2015 16:20:24
XBV00117.VDF   : 8.12.24.228     2048 Bytes  04.11.2015 16:20:24
XBV00118.VDF   : 8.12.24.244    28672 Bytes  04.11.2015 16:20:24
XBV00119.VDF   : 8.12.25.2      11776 Bytes  04.11.2015 20:20:30
XBV00120.VDF   : 8.12.25.16     50688 Bytes  04.11.2015 20:20:30
XBV00121.VDF   : 8.12.25.18     15360 Bytes  04.11.2015 12:41:12
XBV00122.VDF   : 8.12.25.20      9216 Bytes  04.11.2015 12:41:13
XBV00123.VDF   : 8.12.25.34      8704 Bytes  04.11.2015 12:41:14
XBV00124.VDF   : 8.12.25.36      2048 Bytes  04.11.2015 12:41:15
XBV00125.VDF   : 8.12.25.48      4096 Bytes  04.11.2015 12:41:15
XBV00126.VDF   : 8.12.25.62     46080 Bytes  05.11.2015 12:41:17
XBV00127.VDF   : 8.12.25.74     16896 Bytes  05.11.2015 12:41:18
XBV00128.VDF   : 8.12.25.76     14336 Bytes  05.11.2015 12:41:19
XBV00129.VDF   : 8.12.25.78     20992 Bytes  05.11.2015 12:41:20
XBV00130.VDF   : 8.12.25.82     34816 Bytes  05.11.2015 12:41:21
XBV00131.VDF   : 8.12.25.94     10752 Bytes  05.11.2015 12:41:22
XBV00132.VDF   : 8.12.25.106    15872 Bytes  05.11.2015 12:41:26
XBV00133.VDF   : 8.12.25.118     2048 Bytes  05.11.2015 12:41:27
XBV00134.VDF   : 8.12.25.130     2048 Bytes  05.11.2015 12:41:28
XBV00135.VDF   : 8.12.25.142    32768 Bytes  05.11.2015 12:41:30
XBV00136.VDF   : 8.12.25.154    16384 Bytes  05.11.2015 12:41:31
XBV00137.VDF   : 8.12.25.156     2048 Bytes  05.11.2015 12:41:31
XBV00138.VDF   : 8.12.25.158    12288 Bytes  05.11.2015 12:41:32
XBV00139.VDF   : 8.12.25.160     6656 Bytes  06.11.2015 12:41:33
XBV00140.VDF   : 8.12.25.166    30208 Bytes  06.11.2015 12:41:34
XBV00141.VDF   : 8.12.25.168     2048 Bytes  06.11.2015 12:41:34
XBV00142.VDF   : 8.12.25.180    15872 Bytes  06.11.2015 12:41:35
XBV00143.VDF   : 8.12.25.190     7168 Bytes  06.11.2015 12:41:35
XBV00144.VDF   : 8.12.25.192    15360 Bytes  06.11.2015 12:41:35
XBV00145.VDF   : 8.12.25.202     6144 Bytes  06.11.2015 12:41:36
XBV00146.VDF   : 8.12.25.214    55296 Bytes  06.11.2015 12:41:36
XBV00147.VDF   : 8.12.25.216     2048 Bytes  06.11.2015 12:41:37
XBV00148.VDF   : 8.12.25.226     7168 Bytes  06.11.2015 12:41:38
XBV00149.VDF   : 8.12.25.236     3072 Bytes  06.11.2015 12:41:38
XBV00150.VDF   : 8.12.25.246     2048 Bytes  06.11.2015 12:41:39
XBV00151.VDF   : 8.12.26.0      19456 Bytes  06.11.2015 12:41:40
XBV00152.VDF   : 8.12.26.10      2048 Bytes  06.11.2015 12:41:40
XBV00153.VDF   : 8.12.26.12      2048 Bytes  06.11.2015 12:41:41
XBV00154.VDF   : 8.12.26.24     40960 Bytes  07.11.2015 12:41:51
XBV00155.VDF   : 8.12.26.34      4608 Bytes  07.11.2015 12:41:51
XBV00156.VDF   : 8.12.26.42      6144 Bytes  07.11.2015 12:41:52
XBV00157.VDF   : 8.12.26.50     10752 Bytes  07.11.2015 12:41:53
XBV00158.VDF   : 8.12.26.58      7680 Bytes  07.11.2015 12:41:53
XBV00159.VDF   : 8.12.26.60     57856 Bytes  08.11.2015 12:42:03
XBV00160.VDF   : 8.12.26.68      2048 Bytes  08.11.2015 12:42:03
XBV00161.VDF   : 8.12.26.78     27648 Bytes  08.11.2015 11:12:49
XBV00162.VDF   : 8.12.26.86      2048 Bytes  08.11.2015 11:12:49
XBV00163.VDF   : 8.12.26.94     45056 Bytes  09.11.2015 11:12:49
XBV00164.VDF   : 8.12.26.102     6656 Bytes  09.11.2015 11:12:50
XBV00165.VDF   : 8.12.26.110    11776 Bytes  09.11.2015 11:12:50
XBV00166.VDF   : 8.12.26.112     2048 Bytes  09.11.2015 11:12:50
XBV00167.VDF   : 8.12.26.118     6656 Bytes  09.11.2015 11:12:50
XBV00168.VDF   : 8.12.26.124    23552 Bytes  09.11.2015 11:12:50
XBV00169.VDF   : 8.12.26.130     4096 Bytes  09.11.2015 11:12:50
XBV00170.VDF   : 8.12.26.136    17408 Bytes  09.11.2015 11:12:51
XBV00171.VDF   : 8.12.26.138    20480 Bytes  09.11.2015 11:12:51
XBV00172.VDF   : 8.12.26.154    21504 Bytes  09.11.2015 11:12:51
XBV00173.VDF   : 8.12.26.156     9728 Bytes  09.11.2015 11:12:51
XBV00174.VDF   : 8.12.26.158     4608 Bytes  09.11.2015 11:12:51
XBV00175.VDF   : 8.12.26.160     6144 Bytes  09.11.2015 11:12:52
XBV00176.VDF   : 8.12.26.162     7680 Bytes  09.11.2015 11:12:52
XBV00177.VDF   : 8.12.26.166    22016 Bytes  10.11.2015 11:12:52
XBV00178.VDF   : 8.12.26.172    10752 Bytes  10.11.2015 11:12:52
XBV00179.VDF   : 8.12.26.178     6656 Bytes  10.11.2015 11:12:52
XBV00180.VDF   : 8.12.26.184     5120 Bytes  10.11.2015 11:12:52
XBV00181.VDF   : 8.12.26.190     7680 Bytes  10.11.2015 11:12:53
XBV00182.VDF   : 8.12.26.192     2048 Bytes  10.11.2015 11:12:53
XBV00183.VDF   : 8.12.26.194     5632 Bytes  10.11.2015 19:01:54
XBV00184.VDF   : 8.12.26.196    24064 Bytes  10.11.2015 19:01:54
XBV00185.VDF   : 8.12.26.198     8192 Bytes  10.11.2015 19:01:55
XBV00186.VDF   : 8.12.26.200     8704 Bytes  10.11.2015 16:05:43
XBV00187.VDF   : 8.12.26.202     2048 Bytes  10.11.2015 16:05:44
XBV00188.VDF   : 8.12.26.204     2048 Bytes  10.11.2015 16:05:44
XBV00189.VDF   : 8.12.26.206     7168 Bytes  10.11.2015 16:05:44
XBV00190.VDF   : 8.12.26.208     2048 Bytes  10.11.2015 16:05:45
XBV00191.VDF   : 8.12.26.210    17920 Bytes  10.11.2015 16:05:45
XBV00192.VDF   : 8.12.26.218    21504 Bytes  11.11.2015 16:05:45
XBV00193.VDF   : 8.12.26.222    11776 Bytes  11.11.2015 16:05:46
XBV00194.VDF   : 8.12.26.226     7168 Bytes  11.11.2015 18:05:18
XBV00195.VDF   : 8.12.26.230     2048 Bytes  11.11.2015 18:05:18
XBV00196.VDF   : 8.12.26.236    15872 Bytes  11.11.2015 18:05:18
XBV00197.VDF   : 8.12.26.240    13312 Bytes  11.11.2015 20:05:47
XBV00198.VDF   : 8.12.26.242     5120 Bytes  11.11.2015 20:05:48
XBV00199.VDF   : 8.12.26.244    10240 Bytes  11.11.2015 11:47:55
XBV00200.VDF   : 8.12.26.246     8704 Bytes  11.11.2015 11:47:55
XBV00201.VDF   : 8.12.26.248     9728 Bytes  11.11.2015 11:47:55
XBV00202.VDF   : 8.12.26.250     8704 Bytes  11.11.2015 11:47:56
XBV00203.VDF   : 8.12.26.254    20992 Bytes  12.11.2015 11:47:56
XBV00204.VDF   : 8.12.27.2       6144 Bytes  12.11.2015 11:47:56
XBV00205.VDF   : 8.12.27.6       4608 Bytes  12.11.2015 11:47:56
XBV00206.VDF   : 8.12.27.16     11264 Bytes  12.11.2015 11:47:56
XBV00207.VDF   : 8.12.27.26      2048 Bytes  12.11.2015 11:47:56
XBV00208.VDF   : 8.12.27.36     27136 Bytes  12.11.2015 11:47:57
XBV00209.VDF   : 8.12.27.48     26624 Bytes  12.11.2015 16:11:42
XBV00210.VDF   : 8.12.27.62      3584 Bytes  12.11.2015 16:11:42
XBV00211.VDF   : 8.12.27.64      2048 Bytes  12.11.2015 16:11:42
XBV00212.VDF   : 8.12.27.74     22016 Bytes  12.11.2015 16:11:42
XBV00213.VDF   : 8.12.27.76      8704 Bytes  12.11.2015 16:11:43
XBV00214.VDF   : 8.12.27.78     17920 Bytes  13.11.2015 16:11:43
XBV00215.VDF   : 8.12.27.96     36352 Bytes  13.11.2015 16:11:43
XBV00216.VDF   : 8.12.27.104     6144 Bytes  13.11.2015 16:11:43
XBV00217.VDF   : 8.12.27.112    24576 Bytes  13.11.2015 16:11:44
XBV00218.VDF   : 8.12.27.120     9728 Bytes  13.11.2015 16:11:44
XBV00219.VDF   : 8.12.27.136    37376 Bytes  13.11.2015 16:11:44
XBV00220.VDF   : 8.12.27.144     2048 Bytes  13.11.2015 16:11:44
XBV00221.VDF   : 8.12.27.152    27136 Bytes  13.11.2015 16:11:45
XBV00222.VDF   : 8.12.27.154     2048 Bytes  13.11.2015 16:11:45
XBV00223.VDF   : 8.12.27.156    12800 Bytes  13.11.2015 16:11:45
XBV00224.VDF   : 8.12.27.158    12800 Bytes  13.11.2015 16:11:45
XBV00225.VDF   : 8.12.27.172   135680 Bytes  14.11.2015 16:11:47
XBV00226.VDF   : 8.12.27.178     2048 Bytes  14.11.2015 16:11:47
XBV00227.VDF   : 8.12.27.188    14848 Bytes  14.11.2015 16:11:47
XBV00228.VDF   : 8.12.27.194    19968 Bytes  14.11.2015 16:11:47
XBV00229.VDF   : 8.12.27.202    76288 Bytes  15.11.2015 13:48:02
XBV00230.VDF   : 8.12.27.208     2048 Bytes  15.11.2015 13:48:02
XBV00231.VDF   : 8.12.27.222    39936 Bytes  15.11.2015 17:48:07
XBV00232.VDF   : 8.12.27.226     2048 Bytes  15.11.2015 17:48:08
XBV00233.VDF   : 8.12.27.232    57344 Bytes  16.11.2015 18:12:11
XBV00234.VDF   : 8.12.27.238     2048 Bytes  16.11.2015 18:12:11
XBV00235.VDF   : 8.12.27.240     2048 Bytes  16.11.2015 18:12:11
XBV00236.VDF   : 8.12.27.246    11264 Bytes  16.11.2015 18:12:11
XBV00237.VDF   : 8.12.27.250     6656 Bytes  16.11.2015 18:12:11
XBV00238.VDF   : 8.12.27.254     6656 Bytes  16.11.2015 18:12:12
XBV00239.VDF   : 8.12.28.6       2048 Bytes  16.11.2015 18:12:12
XBV00240.VDF   : 8.12.28.14      9216 Bytes  16.11.2015 18:12:12
XBV00241.VDF   : 8.12.28.30    595968 Bytes  16.11.2015 18:12:17
XBV00242.VDF   : 8.12.28.44      2560 Bytes  16.11.2015 18:12:17
XBV00243.VDF   : 8.12.28.52      4608 Bytes  16.11.2015 18:12:17
XBV00244.VDF   : 8.12.28.60      2048 Bytes  16.11.2015 18:12:17
XBV00245.VDF   : 8.12.28.68      3072 Bytes  16.11.2015 20:12:33
XBV00246.VDF   : 8.12.28.76      2048 Bytes  16.11.2015 20:12:34
LOCAL000.VDF   : 8.12.28.76  144797184 Bytes  16.11.2015 20:12:47
Engineversion  : 8.3.34.72 
AEBB.DLL       : 8.1.2.0        60448 Bytes  11.08.2014 08:33:57
AECORE.DLL     : 8.3.9.0       249920 Bytes  14.11.2015 16:11:11
AEDROID.DLL    : 8.4.3.348    1800104 Bytes  08.11.2015 12:41:08
AEEMU.DLL      : 8.1.3.4       399264 Bytes  11.08.2014 08:34:00
AEEXP.DLL      : 8.4.2.134     277360 Bytes  14.11.2015 16:11:41
AEGEN.DLL      : 8.1.8.2       482424 Bytes  14.11.2015 16:11:13
AEHELP.DLL     : 8.3.2.2       281456 Bytes  29.06.2015 13:25:03
AEHEUR.DLL     : 8.1.4.2040   9915248 Bytes  14.11.2015 16:11:38
AEMOBILE.DLL   : 8.1.8.8       300968 Bytes  08.11.2015 12:41:11
AEOFFICE.DLL   : 8.3.1.56      408432 Bytes  19.10.2015 15:19:06
AEPACK.DLL     : 8.4.1.18      802880 Bytes  28.10.2015 11:36:12
AERDL.DLL      : 8.2.1.38      813928 Bytes  08.11.2015 12:40:35
AESBX.DLL      : 8.2.21.2     1629032 Bytes  08.11.2015 12:40:52
AESCN.DLL      : 8.3.4.0       141216 Bytes  14.11.2015 16:11:39
AESCRIPT.DLL   : 8.3.0.2       538536 Bytes  14.11.2015 16:11:41
AEVDF.DLL      : 8.3.2.2       141216 Bytes  25.08.2015 17:52:39
AVWINLL.DLL    : 15.0.13.158    29600 Bytes  15.10.2015 11:21:40
AVPREF.DLL     : 15.0.13.158    55864 Bytes  15.10.2015 11:22:02
AVREP.DLL      : 15.0.13.158   225320 Bytes  15.10.2015 11:22:05
AVARKT.DLL     : 15.0.13.158   232000 Bytes  15.10.2015 11:21:42
AVEVTLOG.DLL   : 15.0.13.190   202112 Bytes  15.10.2015 11:21:48
SQLITE3.DLL    : 15.0.13.158   461672 Bytes  15.10.2015 11:25:16
AVSMTP.DLL     : 15.0.13.158    82120 Bytes  15.10.2015 11:22:13
NETNT.DLL      : 15.0.13.158    18792 Bytes  15.10.2015 11:24:54
CommonImageRc.dll: 15.0.13.190  4308216 Bytes  15.10.2015 11:21:40
CommonTextRc.dll: 15.0.13.158    70784 Bytes  15.10.2015 11:21:40

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Prüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 20. November 2015  19:21

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, Q:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'upeksvr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'FBService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'vcamsvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService2x64.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '197' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebUpdateSvc4.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'mini_WMCore.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'RCIMGDIR.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'pcee4.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.EXE' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetBak.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileAccess.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSCNotify.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcplaunch.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'MacheenService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'VIPAppService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'DZSVC64.EXE' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrivacyIconClient.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'VIPUIManager.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2056' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7_OS>
    [0] Archivtyp: RSRC
    --> C:\Program Files\ThinkVantage Fingerprint Software\Drivers\WUDFUpdate_01009.dll
        [1] Archivtyp: RSRC
      --> C:\Users\Armin\AppData\Local\Temp\is-3PC3Q.tmp\PDFCreator-Setup.exe
          [2] Archivtyp: Inno Setup
        --> {tmp}\OCSetupHlp.dll
            [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Armin\AppData\Local\Temp\is-3PC3Q.tmp\PDFCreator-Setup.exe
  [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
      --> C:\Users\Armin\AppData\Local\Temp\is-R64AP.tmp\PDFCreator-Setup.exe
          [2] Archivtyp: Inno Setup
        --> {tmp}\OCSetupHlp.dll
            [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Armin\AppData\Local\Temp\is-R64AP.tmp\PDFCreator-Setup.exe
  [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
Beginne mit der Suche in 'Q:\' <Lenovo_Recovery>

Beginne mit der Desinfektion:
C:\Users\Armin\AppData\Local\Temp\is-R64AP.tmp\PDFCreator-Setup.exe
  [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [WARNUNG]   Fehler in der ARK Library
  [HINWEIS]   Die Datei wurde zum Löschen nach einem Neustart markiert.
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
C:\Users\Armin\AppData\Local\Temp\is-3PC3Q.tmp\PDFCreator-Setup.exe
  [FUND]      Enthält Muster der Software PUA/OpenCandy.Gen
  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [WARNUNG]   Fehler in der ARK Library
  [HINWEIS]   Die Datei wurde zum Löschen nach einem Neustart markiert.
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.


Ende des Suchlaufs: Freitag, 20. November 2015  22:07
Benötigte Zeit:  1:27:31 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  37795 Verzeichnisse wurden überprüft
 1033908 Dateien wurden geprüft
      4 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1033904 Dateien ohne Befall
  13497 Archive wurden durchsucht
      4 Warnungen
      2 Hinweise
 986654 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Die Reparaturanweisungen wurden in die Datei 'C:\avrescue\rescue.avp' geschrieben.
         


22.11.2015, 09:48   #6
adressle

Telekom abuse report: Bedep



Attached is the FRST log file:

FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
durchgeführt von Armin (Administrator) auf T430 (22-11-2015 09:51:10)
Gestartet von D:\trojaner-board Win7
Geladene Profile: UpdatusUser & Armin (Verfügbare Profile: UpdatusUser & Armin & Karin & Sandra)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(QNAP Systems, Inc.) C:\Program Files (x86)\QNAP\NetBak\NetBak.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
() D:\trojaner-board Win7\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [64608 2012-05-30] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [128352 2007-11-19] (CANON INC.)
HKLM-x32\...\Run: [QNAP_NASNetBak] => C:\Program Files (x86)\QNAP\NetBak\NetBak.exe [720896 2009-07-10] (QNAP Systems, Inc.)
HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [955280 2012-04-27] (Samsung)
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\...\MountPoints2: {dd809655-1194-11e2-a2cb-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{09023800-BAC1-40CB-BEAB-E946F2F2E0B5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-4279511978-3708048889-3883205738-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE518
SearchScopes: HKU\S-1-5-21-4279511978-3708048889-3883205738-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE518
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-18] (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2012-12-14] (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-18] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2012-12-14] (pdfforge GbR)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-4279511978-3708048889-3883205738-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-23] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4279511978-3708048889-3883205738-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [Keine Datei]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-10-08] [ist nicht signiert]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\gcswf32.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => Keine Datei
CHR Plugin: (Norton Confidential) - C:\Users\Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Armin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Armin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522912 2012-12-14] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [906464 2012-12-14] (pdfforge GbR)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [Datei ist nicht signiert]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)
R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-15] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249192 2012-05-31] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-20 19:02 - 2015-11-22 09:51 - 00000000 ____D C:\FRST
2015-11-20 19:02 - 2015-11-20 19:02 - 00000000 _____ C:\Users\Armin\defogger_reenable
2015-11-12 12:48 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 17:19 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 17:19 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 17:19 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 17:19 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 17:19 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 17:19 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 17:19 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 17:19 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 17:19 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 17:19 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 17:19 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 17:19 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 17:19 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 17:19 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 17:19 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 17:19 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 17:19 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 17:19 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 17:19 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 17:19 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 17:19 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 17:19 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 17:19 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 17:19 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 17:19 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 17:19 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 17:19 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 17:19 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 17:19 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 17:19 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 17:19 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 17:19 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 17:19 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 17:19 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 17:19 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 17:19 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 17:19 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 17:19 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 17:19 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 17:19 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 17:19 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 17:19 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 17:19 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 17:19 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 17:19 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 17:19 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 17:19 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 17:19 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 17:19 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 17:19 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 17:19 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 17:19 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 17:19 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 17:19 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 17:19 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 17:19 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 17:19 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 17:19 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 17:19 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 17:19 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 17:19 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 17:19 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 17:19 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 17:19 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 17:16 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 17:16 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 17:16 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 17:16 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 17:16 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 17:16 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 17:16 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 17:16 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 17:16 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 17:16 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 17:10 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 17:10 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 17:10 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 17:10 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 17:10 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 17:10 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 17:10 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 17:10 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 17:10 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 17:10 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 17:10 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 17:10 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 17:10 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 17:10 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 17:10 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 17:10 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 17:10 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 17:10 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 17:10 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 17:10 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 17:10 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 17:10 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 17:10 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 17:10 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 17:10 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 17:10 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 17:10 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 17:10 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 17:10 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 17:10 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 17:10 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 17:10 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 17:10 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:10 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:10 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 17:10 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 17:10 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 17:10 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 17:10 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 17:10 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 17:10 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 17:10 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 17:10 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-22 09:43 - 2013-01-12 15:38 - 00000000 ____D C:\Users\Armin\AppData\Roaming\Nitro PDF
2015-11-22 09:43 - 2012-10-09 09:02 - 00669012 _____ C:\Windows\system32\perfh007.dat
2015-11-22 09:43 - 2012-10-09 09:02 - 00134796 _____ C:\Windows\system32\perfc007.dat
2015-11-22 09:43 - 2009-07-14 06:13 - 01527002 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-22 09:41 - 2012-10-08 23:33 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-22 09:38 - 2009-07-14 05:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 09:38 - 2009-07-14 05:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 09:34 - 2012-10-08 23:15 - 01385119 _____ C:\Windows\WindowsUpdate.log
2015-11-22 09:30 - 2012-10-08 23:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-22 09:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-22 09:30 - 2009-07-14 05:51 - 00012004 _____ C:\Windows\setupact.log
2015-11-21 07:12 - 2012-10-08 23:33 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-20 22:08 - 2010-11-21 04:47 - 00736754 _____ C:\Windows\PFRO.log
2015-11-20 19:08 - 2013-01-12 15:35 - 00000000 ____D C:\Users\Armin\AppData\LocalLow\VeriSign
2015-11-20 19:02 - 2013-01-12 15:31 - 00000000 ____D C:\Users\Armin
2015-11-16 19:13 - 2013-01-12 18:27 - 00000000 ____D C:\Users\Sandra\AppData\LocalLow\VeriSign
2015-11-16 19:06 - 2013-01-12 18:26 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Nitro PDF
2015-11-14 17:23 - 2013-01-12 18:24 - 00000000 ____D C:\Users\Sandra\AppData\Local\MobileAccess
2015-11-14 17:00 - 2009-07-14 05:45 - 00367024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 13:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-11 22:41 - 2013-08-14 22:48 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 22:37 - 2013-07-10 12:20 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 22:32 - 2011-12-08 21:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 12:09 - 2014-05-31 18:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-10 12:09 - 2014-05-31 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-08 13:29 - 2013-01-13 17:40 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\NetBak
2015-11-04 17:15 - 2013-03-03 20:44 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\vlc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-01-12 15:35 - 2014-01-15 19:31 - 0000313 _____ () C:\ProgramData\LastUpdate.xml

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Sandra\vlc-1.1.0-win32.exe


Einige Dateien in TEMP:
====================
C:\Users\Armin\AppData\Local\Temp\AskSLib.dll
C:\Users\Armin\AppData\Local\Temp\avgnt.exe
C:\Users\Karin\AppData\Local\Temp\AskSLib.dll
C:\Users\Sandra\AppData\Local\Temp\AskSLib.dll
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\Sandra\AppData\Local\Temp\vdvwivdn.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-20 21:10

==================== Ende von FRST.txt ============================
         
--- --- ---


and Addition.txt:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-11-2015
durchgeführt von Armin (2015-11-22 09:51:47)
Gestartet von D:\trojaner-board Win7
Windows 7 Professional Service Pack 1 (X64) (2013-01-12 14:31:23)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4279511978-3708048889-3883205738-500 - Administrator - Disabled)
Armin (S-1-5-21-4279511978-3708048889-3883205738-1001 - Administrator - Enabled) => C:\Users\Armin
Gast (S-1-5-21-4279511978-3708048889-3883205738-501 - Limited - Disabled)
Karin (S-1-5-21-4279511978-3708048889-3883205738-1002 - Limited - Enabled) => C:\Users\Karin
Sandra (S-1-5-21-4279511978-3708048889-3883205738-1003 - Administrator - Enabled) => C:\Users\Sandra
UpdatusUser (S-1-5-21-4279511978-3708048889-3883205738-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2725 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Mobile Access (HKLM-x32\...\{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}) (Version: 3.2.30417.1301 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.1.0 - Ericsson AB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nitro Pro 7 (HKLM\...\{36710189-55DF-4D75-8B6A-523CC61B7047}) (Version: 7.4.1.4 - Nitro PDF Software)
NVIDIA 3D Vision Treiber 296.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.88 - NVIDIA Corporation)
NVIDIA Grafiktreiber 296.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Update 1.7.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.13 - NVIDIA Corporation)
PDF Architect (HKLM-x32\...\{09531CAE-B186-49A9-B44F-C607CC54FA2A}) (Version: 1.0.51.8724 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
QNAP NetBak Replicator (HKLM-x32\...\QNAP_NASNetBak) (Version:  - )
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}) (Version: 5.95 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{479016BF-5B8D-445F-BE15-A187F25D81C8}) (Version: 5.9.6.7084 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows-Treiberpaket - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

22-10-2015 20:34:18 Geplanter Prüfpunkt
30-10-2015 13:24:50 Geplanter Prüfpunkt
08-11-2015 14:22:07 Geplanter Prüfpunkt
11-11-2015 22:27:57 Windows Update
12-11-2015 16:47:09 Windows Update
20-11-2015 21:17:27 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {005664AE-9AD1-4B7D-A863-93EE646D718B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0150359F-702B-42BF-95D0-A1A1294E9F44} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {0EBF9111-8127-48D5-BD99-6043C6B375A8} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for T430.Sandra => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {4B6CDBB4-1F46-45FA-B6E0-CACE606C9C5A} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {8426797D-8C50-455E-8229-AB418E5BD6D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {BFBCD914-F2AB-4BDC-81D0-9BA04C69EF62} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {C6DA47CC-CA3C-461D-BAA3-68924F407B07} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-16] (Lenovo)
Task: {D78709AC-3762-4C58-B9E1-37650AC92DBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DF3A723A-AFCD-48F1-A1C1-59C6C783DBD3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {E13AD73A-8D9E-46FB-8D3E-A47C350D922E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {FE7B5AD3-DC88-476A-A295-663DD82DBD7E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-10-08 23:25 - 2012-05-15 22:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-10-08 23:21 - 2012-04-09 00:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-20 18:54 - 2015-11-20 16:24 - 00050477 _____ () D:\trojaner-board Win7\Defogger.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-08 23:30 - 2012-01-17 07:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-10-08 23:26 - 2011-08-02 03:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-10-08 23:26 - 2011-08-02 03:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-10-08 23:20 - 2011-07-13 09:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2012-05-30 16:32 - 2012-05-30 16:32 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2012-10-08 23:19 - 2012-02-21 04:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4279511978-3708048889-3883205738-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5BDC4FE6-E93B-4CCC-BC51-F4E88C3898FC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4CE13AC2-4EE3-4450-9612-0CDD3F666266}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{75A7FBC2-0ED0-436C-B931-8234A29B5EE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0872FC13-CFE6-4553-B237-230C6E983D0E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8A7E795-20F9-49B4-B0FE-DE57C181E5F8}] => (Allow) LPort=2869
FirewallRules: [{51F0AB41-3A02-48A6-A68E-8F83F4F367B3}] => (Allow) LPort=1900
FirewallRules: [{F004CB88-ABF3-42A0-89F8-FC2F42CECE4E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{03B5831B-AA70-4010-A106-AA8BA409C606}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6004141C-678D-4D65-B781-85BFA7F685E5}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{860D9E72-C645-4D5B-B7F4-638FC34D5D41}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{A32586E3-4036-48BE-ACA6-1933EF88DE2E}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{7EBFFBAC-8834-4B80-8525-E51AA7D5D6A0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9E29A118-92D3-44DA-9718-DE081F2ED00D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{F2E13F0F-BBB3-4AFC-94B7-4EA9DCB9CD46}C:\program files (x86)\qnap\netbak\netbak.exe] => (Allow) C:\program files (x86)\qnap\netbak\netbak.exe
FirewallRules: [UDP Query User{5E5022CB-BF56-47D5-B653-C929E2D1AA1D}C:\program files (x86)\qnap\netbak\netbak.exe] => (Allow) C:\program files (x86)\qnap\netbak\netbak.exe
FirewallRules: [TCP Query User{3651EE2D-19AA-4AFD-A6D5-B3D3831E2600}C:\users\sandra\appdata\roaming\icq\application\icq7.2\icq.exe] => (Block) C:\users\sandra\appdata\roaming\icq\application\icq7.2\icq.exe
FirewallRules: [UDP Query User{E38EC3B7-EA9A-4353-82F5-C4EFD02E506E}C:\users\sandra\appdata\roaming\icq\application\icq7.2\icq.exe] => (Block) C:\users\sandra\appdata\roaming\icq\application\icq7.2\icq.exe
FirewallRules: [{D5CECE61-7886-4885-A39F-BE578DB0F904}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A3F16A17-DF59-408C-B64A-17D3C3D5F52F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6329B99B-08A3-4826-830D-A4DB4FABA1EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAFD7F5B-1D27-4B00-A7D2-C6A2B8474A4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57C5C5F7-9740-4F48-B204-60D14D8FBCA2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{43723175-2122-4F3C-98E6-6EFBEA1A0B5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/22/2015 09:30:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2015 10:09:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2015 07:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 07:02:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 02:37:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2015 05:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2015 00:37:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 04:55:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 05:51:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 00:02:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/20/2015 10:17:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/20/2015 10:14:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (11/16/2015 07:54:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/16/2015 07:54:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/14/2015 06:43:30 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (11/14/2015 06:43:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (11/14/2015 06:43:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (11/14/2015 06:43:23 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/14/2015 06:43:23 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/08/2015 03:49:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.


CodeIntegrity:
===================================
  Date: 2013-03-29 17:30:14.661
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 19:56:39.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-05 19:54:32.083
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 7915.94 MB
Verfügbarer physikalischer RAM: 5765.38 MB
Summe virtueller Speicher: 15830.09 MB
Verfügbarer virtueller Speicher: 13376.19 MB

==================== Laufwerke ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:245.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (VERBATIM) (Removable) (Total:117.16 GB) (Free:117.01 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:1.33 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3770BDA0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 117.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
as well as mbar-log-2015-11-22 (09-57-52).txt:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.22.01
  rootkit: v2015.11.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18097
Armin :: T430 [administrator]

22.11.2015 09:57:52
mbar-log-2015-11-22 (09-57-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 477619
Time elapsed: 31 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

22.11.2015, 09:52   #7
adressle

Telekom abuse report: Bedep

and TDSSKiller:
Code:
10:31:22.0613 0x170c  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
10:31:25.0343 0x170c  =============================
10:31:25.0343 0x170c  Current date / time: 2015/11/22 10:31:25.0343
10:31:25.0343 0x170c  SystemInfo:
10:31:25.0343 0x170c  
10:31:25.0343 0x170c  OS Version: 6.1.7601 ServicePack: 1.0
10:31:25.0343 0x170c  Product type: Workstation
10:31:25.0343 0x170c  ComputerName: T430
10:31:25.0343 0x170c  UserName: Armin
10:31:25.0343 0x170c  Windows directory: C:\Windows
10:31:25.0343 0x170c  System windows directory: C:\Windows
10:31:25.0343 0x170c  Running under WOW64
10:31:25.0343 0x170c  Processor architecture: Intel x64
10:31:25.0343 0x170c  Number of processors: 4
10:31:25.0343 0x170c  Page size: 0x1000
10:31:25.0343 0x170c  Boot type: Normal boot
10:31:25.0343 0x170c  ============================================================
10:31:26.0778 0x170c  KLMD registered as C:\Windows\system32\drivers\61009481.sys
10:31:27.0371 0x170c  System UUID: {2A125ABF-611F-1D06-B0BD-4224E1BC5A45}
10:31:27.0808 0x170c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:31:27.0823 0x170c  Drive \Device\Harddisk1\DR1 - Size: 0x1D4C000000 ( 117.19 Gb ), SectorSize: 0x200, Cylinders: 0x3BC1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:31:27.0823 0x170c  ===========================
10:31:27.0823 0x170c  \Device\Harddisk0\DR0:
10:31:27.0823 0x170c  MBR partitions:
10:31:27.0823 0x170c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
10:31:27.0823 0x170c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3853F000
10:31:27.0823 0x170c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3882D800, BlocksNum 0x1B58000
10:31:27.0823 0x170c  \Device\Harddisk1\DR1:
10:31:27.0823 0x170c  MBR partitions:
10:31:27.0823 0x170c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x80, BlocksNum 0xEA5FF80
10:31:27.0823 0x170c  ============================================================
10:31:27.0839 0x170c  C: <-> \Device\Harddisk0\DR0\Partition2
10:31:27.0886 0x170c  Q: <-> \Device\Harddisk0\DR0\Partition3
10:31:27.0886 0x170c  ================================
10:31:27.0886 0x170c  Initialize success
10:31:27.0886 0x170c  =================================
10:31:34.0484 0x210c  =============================
10:31:34.0484 0x210c  Scan started
10:31:34.0484 0x210c  Mode: Manual; SigCheck; TDLFS; 
10:31:34.0484 0x210c  ============================================================
10:31:34.0484 0x210c  KSN ping started
10:31:37.0121 0x210c  KSN ping finished: true
10:31:37.0948 0x210c  ================ Scan system memory ========================
10:31:37.0948 0x210c  System memory - ok
10:31:37.0948 0x210c  ================ Scan services =============================
10:31:45.0030 0x210c  FontCache - ok
10:31:45.0108 0x210c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:31:45.0124 0x210c  FontCache3.0.0.0 - ok
10:31:45.0155 0x210c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:31:45.0170 0x210c  FsDepends - ok
10:31:45.0217 0x210c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:31:45.0233 0x210c  Fs_Rec - ok
10:31:45.0280 0x210c  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:31:45.0311 0x210c  fvevol - ok
10:31:45.0342 0x210c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:31:45.0358 0x210c  gagp30kx - ok
10:31:45.0404 0x210c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:31:45.0420 0x210c  GEARAspiWDM - ok
10:31:45.0467 0x210c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:31:45.0514 0x210c  gpsvc - ok
10:31:45.0592 0x210c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:45.0607 0x210c  gupdate - ok
10:31:45.0623 0x210c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:31:45.0623 0x210c  gupdatem - ok
10:31:45.0685 0x210c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:31:45.0716 0x210c  gusvc - ok
10:31:45.0732 0x210c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:31:45.0748 0x210c  hcw85cir - ok
10:31:45.0763 0x210c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:31:45.0779 0x210c  HdAudAddService - ok
10:31:45.0810 0x210c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:31:45.0826 0x210c  HDAudBus - ok
10:31:45.0826 0x210c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:31:45.0826 0x210c  HidBatt - ok
10:31:45.0841 0x210c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:31:45.0841 0x210c  HidBth - ok
10:31:45.0857 0x210c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:31:45.0857 0x210c  HidIr - ok
10:31:45.0872 0x210c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
10:31:45.0888 0x210c  hidserv - ok
10:31:45.0950 0x210c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
10:31:45.0966 0x210c  HidUsb - ok
10:31:45.0997 0x210c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:31:46.0028 0x210c  hkmsvc - ok
10:31:46.0044 0x210c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:31:46.0060 0x210c  HomeGroupListener - ok
10:31:46.0075 0x210c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:31:46.0075 0x210c  HomeGroupProvider - ok
10:31:46.0122 0x210c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:31:46.0138 0x210c  HpSAMD - ok
10:31:46.0184 0x210c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:31:46.0216 0x210c  HTTP - ok
10:31:46.0216 0x210c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:31:46.0216 0x210c  hwpolicy - ok
10:31:46.0294 0x210c  [ 16A7CA284629A4D002F7B992C9A49EF9, FEA48B8DAAE18042C87F05D7C07251F4543D0E9F49C7B705E55477E7F75884A3 ] HyperW7Svc      C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
10:31:46.0325 0x210c  HyperW7Svc - ok
10:31:46.0340 0x210c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:31:46.0356 0x210c  i8042prt - ok
10:31:46.0372 0x210c  [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
10:31:46.0403 0x210c  iaStor - ok
10:31:46.0434 0x210c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:31:46.0450 0x210c  iaStorV - ok
10:31:46.0481 0x210c  [ 72B253CDBCAA10E88AAD0BA39CC83BCD, 95FDC0E622C215D912607DDFC3D703AE0D9505960F98A418F44B7A9FA675B996 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
10:31:46.0481 0x210c  IBMPMDRV - ok
10:31:46.0496 0x210c  [ 4925FFB084C9AD02E8EEF01FB18BF5AC, B08CC31F9DB444C7A3E1DE0B294A573A6F58F440D9ADF4062835320129E10FD0 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
10:31:46.0496 0x210c  IBMPMSVC - ok
10:31:46.0559 0x210c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:31:46.0590 0x210c  idsvc - ok
10:31:46.0606 0x210c  IEEtwCollectorService - ok
10:31:46.0949 0x210c  [ 5318D51AC69A9C0FEF67D36CBE8BEA68, DA4A575B3F071876062C1A1B0103F9B57F94D4BD52819A36D5DEAF90D614C595 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:31:47.0027 0x23ac  Object send P2P result: true
10:31:47.0292 0x210c  igfx - ok
10:31:47.0323 0x210c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:31:47.0339 0x210c  iirsp - ok
10:31:47.0386 0x210c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
10:31:47.0401 0x210c  IKEEXT - ok
10:31:47.0448 0x210c  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
10:31:47.0464 0x210c  intaud_WaveExtensible - ok
10:31:47.0588 0x210c  [ 354718FC1DD8498B772E11779173DEAF, F8AC3E6066D295735A79587D92DDB4A6D3A4C2BDBB2909B917DF49F83E4401E7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:31:47.0666 0x210c  IntcAzAudAddService - ok
10:31:47.0729 0x210c  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:31:47.0760 0x210c  Intel(R) Capability Licensing Service Interface - ok
10:31:47.0776 0x210c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:31:47.0791 0x210c  intelide - ok
10:31:47.0807 0x210c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:31:47.0822 0x210c  intelppm - ok
10:31:47.0854 0x210c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:31:47.0885 0x210c  IPBusEnum - ok
10:31:47.0885 0x210c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:31:47.0916 0x210c  IpFilterDriver - ok
10:31:47.0932 0x210c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:31:47.0963 0x210c  iphlpsvc - ok
10:31:47.0963 0x210c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:31:47.0978 0x210c  IPMIDRV - ok
10:31:47.0978 0x210c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:31:47.0994 0x210c  IPNAT - ok
10:31:48.0056 0x210c  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:31:48.0072 0x210c  iPod Service - ok
10:31:48.0103 0x210c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:31:48.0119 0x210c  IRENUM - ok
10:31:48.0119 0x210c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:31:48.0119 0x210c  isapnp - ok
10:31:48.0134 0x210c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:31:48.0150 0x210c  iScsiPrt - ok
10:31:48.0166 0x210c  [ B2381712638B0B714D0EEAB9A1F7C640, 113BCA8868057156EFDC7C079171308C1EBA4F979C85EB1265F42F95A499B086 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
10:31:48.0181 0x210c  iusb3hcs - ok
10:31:48.0197 0x210c  [ FD2C6457232E95C014DAD21DEBC64867, 4CC4F488A2555761208D8401265788281B6EC76A8F16C8E115778E571450B90B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
10:31:48.0212 0x210c  iusb3hub - ok
10:31:48.0228 0x210c  [ F6A2B5D030BE7EDF8ADC12C9A40825A8, 03EFAFD6B7801D83D7689435DED8DC321D153AAC4FD69D46ED8C9D7E7F56B44A ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
10:31:48.0244 0x210c  iusb3xhc - ok
10:31:48.0290 0x210c  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
10:31:48.0290 0x210c  iwdbus - ok
10:31:48.0384 0x210c  [ 0043D9FB61C35F90886B1E93DD556FAF, B17B993928281252A75997939F2E45E98E7FB9D22941CC76E332AFF8706EDEC9 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:31:48.0400 0x210c  jhi_service - ok
10:31:48.0431 0x210c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:31:48.0446 0x210c  kbdclass - ok
10:31:48.0478 0x210c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:31:48.0493 0x210c  kbdhid - ok
10:31:48.0509 0x210c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
10:31:48.0540 0x210c  KeyIso - ok
10:31:48.0587 0x210c  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:31:48.0602 0x210c  KSecDD - ok
10:31:48.0618 0x210c  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:31:48.0634 0x210c  KSecPkg - ok
10:31:48.0649 0x210c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:31:48.0680 0x210c  ksthunk - ok
10:31:48.0712 0x210c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:31:48.0758 0x210c  KtmRm - ok
10:31:48.0774 0x210c  [ 3BE0319D6F9D5A0C4DDD037E0E19FFD4, 587F5FF690A40DD5F3F59CF8FA8FC8691846633462EB8220367F5193F5401CBE ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps64.sys
10:31:48.0774 0x210c  l36wgps - ok
10:31:48.0790 0x210c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:31:48.0821 0x210c  LanmanServer - ok
10:31:48.0836 0x210c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:31:48.0852 0x210c  LanmanWorkstation - ok
10:31:48.0899 0x210c  [ 4A0235E9822B220339E34D8C122BB6D1, 75FE0158F4123E3252F543FED3F622547F32EE15B1ABA16C8D23405B6BAEBCE5 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
10:31:48.0914 0x210c  LENOVO.CAMMUTE - ok
10:31:48.0946 0x210c  [ 340288B3B2EDC8AFD5FF127DF85142A7, 595103B5CCDC83D8E4617D2C3E8ED91C88A78ACF11BC9478E9244C510DD50A80 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
10:31:48.0961 0x210c  LENOVO.MICMUTE - ok
10:31:48.0961 0x210c  [ 93921A19D885755B9751C3744DBCB8FD, A1A59DE5819D2C4D4CEA4917DAB569925928165177F0B081D5C03BD6D7EFE3D2 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
10:31:48.0977 0x210c  LENOVO.TPKNRSVC - ok
10:31:48.0992 0x210c  [ 79F99A4D59825839B7E563B4BCF52C5E, 3D7B1F292A36E8E4109557B880603B7BEB512457CC495F591DCE44EC34AA0E39 ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
10:31:49.0008 0x210c  LENOVO.TVTVCAM - ok
10:31:49.0024 0x210c  [ F7DE50781DC4D162C1005EB30D98F931, CDD07CD2E300DCD818CF97AC05CAFD2BA5568CEA10622D69E156CFC936DD4769 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
10:31:49.0024 0x210c  Lenovo.VIRTSCRLSVC - ok
10:31:49.0055 0x210c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:31:49.0086 0x210c  lltdio - ok
10:31:49.0102 0x210c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:31:49.0133 0x210c  lltdsvc - ok
10:31:49.0133 0x210c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:31:49.0164 0x210c  lmhosts - ok
10:31:49.0195 0x210c  [ 2FB262276D1C689C6886B1C0710342FA, 99129F79FB17B7224CF7C8324A12D464D2611BF6B4467A3697B8E3AFE8A95052 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:31:49.0195 0x210c  LMS - ok
10:31:49.0304 0x210c  [ CE87E8E09273791172F7A1C60B225648, 03AB8A69C5A58FD3BCFF9E36FF83338B6866D82E4E550CD7CED686C4CC096DC1 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
10:31:49.0320 0x210c  LSCWinService - ok
10:31:49.0367 0x210c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:31:49.0382 0x210c  LSI_FC - ok
10:31:49.0382 0x210c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:31:49.0398 0x210c  LSI_SAS - ok
10:31:49.0414 0x210c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:31:49.0414 0x210c  LSI_SAS2 - ok
10:31:49.0414 0x210c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:31:49.0429 0x210c  LSI_SCSI - ok
10:31:49.0445 0x210c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:31:49.0476 0x210c  luafv - ok
10:31:49.0507 0x210c  [ FD998B716E1EBFE1174098FB9AA08635, FE010E7E3E583C3F3EC8D602B43C98CB91D047ED87E82B8D472E9C7391938E82 ] MacheenService  C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
10:31:49.0523 0x210c  MacheenService - ok
10:31:49.0554 0x210c  [ 62732AF9512B911C330ACBBDBCC2F284, CBF2D4D21F96465FD693E2F3052675D1D7F23BE86098D08EF22E52D94E8C95E4 ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
10:31:49.0585 0x210c  Mbm3CBus - ok
10:31:49.0601 0x210c  [ BDC2D259CA9CFCED092B3B0B8557322D, A2C50A5BAE7B3AB0C1D8057FD15DFAB3F8B653A8A8B78572926B9CCEE032A8EA ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
10:31:49.0632 0x210c  Mbm3DevMt - ok
10:31:49.0648 0x210c  [ E55689A5E9349182C24312EFC9DF09FB, 6FD98B61C764215402625412E9E3F214020257C09F25C3B21C70AA46EC39019D ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
10:31:49.0663 0x210c  Mbm3mdfl - ok
10:31:49.0679 0x210c  [ FC1059C857D7B1083086BE04DB5EE09C, BF55702BBB6A0152F63A30E0897C42ED3F51CC1AD78C49F3589D423591C031E8 ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
10:31:49.0694 0x210c  Mbm3Mdm - ok
10:31:49.0694 0x210c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:31:49.0710 0x210c  Mcx2Svc - ok
10:31:49.0726 0x210c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:31:49.0726 0x210c  megasas - ok
10:31:49.0741 0x210c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:31:49.0741 0x210c  MegaSR - ok
10:31:49.0772 0x210c  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:31:49.0788 0x210c  MEIx64 - ok
10:31:49.0804 0x210c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:31:49.0819 0x210c  MMCSS - ok
10:31:49.0850 0x210c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:31:49.0866 0x210c  Modem - ok
10:31:49.0897 0x210c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:31:49.0913 0x210c  monitor - ok
10:31:49.0928 0x210c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:31:49.0944 0x210c  mouclass - ok
10:31:49.0960 0x210c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:31:49.0960 0x210c  mouhid - ok
10:31:50.0006 0x210c  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:31:50.0022 0x210c  mountmgr - ok
10:31:50.0038 0x210c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:31:50.0053 0x210c  mpio - ok
10:31:50.0069 0x210c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:31:50.0100 0x210c  mpsdrv - ok
10:31:50.0131 0x210c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:31:50.0162 0x210c  MpsSvc - ok
10:31:50.0209 0x210c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:31:50.0225 0x210c  MRxDAV - ok
10:31:50.0272 0x210c  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:31:50.0287 0x210c  mrxsmb - ok
10:31:50.0318 0x210c  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:31:50.0334 0x210c  mrxsmb10 - ok
10:31:50.0350 0x210c  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:31:50.0365 0x210c  mrxsmb20 - ok
10:31:50.0381 0x210c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:31:50.0396 0x210c  msahci - ok
10:31:50.0396 0x210c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:31:50.0412 0x210c  msdsm - ok
10:31:50.0428 0x210c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:31:50.0443 0x210c  MSDTC - ok
10:31:50.0474 0x210c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:31:50.0490 0x210c  Msfs - ok
10:31:50.0506 0x210c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:31:50.0521 0x210c  mshidkmdf - ok
10:31:50.0537 0x210c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:31:50.0552 0x210c  msisadrv - ok
10:31:50.0568 0x210c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:31:50.0599 0x210c  MSiSCSI - ok
10:31:50.0599 0x210c  msiserver - ok
10:31:50.0615 0x210c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:31:50.0646 0x210c  MSKSSRV - ok
10:31:50.0662 0x210c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:31:50.0677 0x210c  MSPCLOCK - ok
10:31:50.0677 0x210c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:31:50.0708 0x210c  MSPQM - ok
10:31:50.0724 0x210c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:31:50.0740 0x210c  MsRPC - ok
10:31:50.0740 0x210c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:31:50.0755 0x210c  mssmbios - ok
10:31:50.0755 0x210c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:31:50.0771 0x210c  MSTEE - ok
10:31:50.0771 0x210c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:31:50.0786 0x210c  MTConfig - ok
10:31:50.0786 0x210c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:31:50.0802 0x210c  Mup - ok
10:31:50.0833 0x210c  [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3, 9CAFFECB0F59CC758C646F886D7A9A276A152B94EE58564BD03FBB48C4C7E396 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:31:50.0833 0x210c  MyWiFiDHCPDNS - ok
10:31:50.0864 0x210c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:31:50.0896 0x210c  napagent - ok
10:31:50.0927 0x210c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:31:50.0942 0x210c  NativeWifiP - ok
10:31:51.0036 0x210c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:31:51.0067 0x210c  NDIS - ok
10:31:51.0083 0x210c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:31:51.0098 0x210c  NdisCap - ok
10:31:51.0114 0x210c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:31:51.0145 0x210c  NdisTapi - ok
10:31:51.0145 0x210c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:31:51.0176 0x210c  Ndisuio - ok
10:31:51.0176 0x210c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:31:51.0208 0x210c  NdisWan - ok
10:31:51.0223 0x210c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:31:51.0239 0x210c  NDProxy - ok
10:31:51.0270 0x210c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:31:51.0286 0x210c  NetBIOS - ok
10:31:51.0317 0x210c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:31:51.0332 0x210c  NetBT - ok
10:31:51.0332 0x210c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
10:31:59.0944 0x210c  [ BE788A747457E6916586C410EC0111E7, 525F9065270AF40FED854C5B3C7E690783F5169C2F9286EE225F6C817ED1E237 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
10:31:59.0959 0x210c  UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
10:32:02.0533 0x210c  Detect skipped due to KSN trusted
10:32:02.0533 0x210c  UleadBurningHelper - ok
10:32:02.0580 0x210c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:32:02.0611 0x210c  uliagpkx - ok
10:32:02.0627 0x210c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:32:02.0642 0x210c  umbus - ok
10:32:02.0658 0x210c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:32:02.0658 0x210c  UmPass - ok
10:32:02.0689 0x210c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:32:02.0705 0x210c  UmRdpService - ok
10:32:02.0798 0x210c  [ CABEC311CEA77EAEA3DC04A1ADFC0459, EC857EB3E22941E8915709B2E2CFB7BB662004121EC7DBE495FC40597BF194CB ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:32:02.0830 0x210c  UNS - ok
10:32:02.0861 0x210c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:32:02.0892 0x210c  upnphost - ok
10:32:02.0923 0x210c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:32:02.0923 0x210c  USBAAPL64 - ok
10:32:02.0970 0x210c  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:32:02.0986 0x210c  usbccgp - ok
10:32:03.0032 0x210c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:32:03.0064 0x210c  usbcir - ok
10:32:03.0079 0x210c  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:32:03.0079 0x210c  usbehci - ok
10:32:03.0110 0x210c  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:32:03.0126 0x210c  usbhub - ok
10:32:03.0142 0x210c  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:32:03.0142 0x210c  usbohci - ok
10:32:03.0173 0x210c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:32:03.0188 0x210c  usbprint - ok
10:32:03.0204 0x210c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:32:03.0204 0x210c  USBSTOR - ok
10:32:03.0220 0x210c  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:32:03.0220 0x210c  usbuhci - ok
10:32:03.0235 0x210c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:32:03.0251 0x210c  usbvideo - ok
10:32:03.0266 0x210c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:32:03.0282 0x210c  UxSms - ok
10:32:03.0298 0x210c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
10:32:03.0298 0x210c  VaultSvc - ok
10:32:03.0313 0x210c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:32:03.0313 0x210c  vdrvroot - ok
10:32:03.0344 0x210c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
10:32:03.0360 0x210c  vds - ok
10:32:03.0376 0x210c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:32:03.0376 0x210c  vga - ok
10:32:03.0391 0x210c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:32:03.0407 0x210c  VgaSave - ok
10:32:03.0422 0x210c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:32:03.0438 0x210c  vhdmp - ok
10:32:03.0438 0x210c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:32:03.0454 0x210c  viaide - ok
10:32:03.0500 0x210c  [ 49C122513203B98B0B2C10211F23450B, 98C281A5F9A68C0E9F766EE136B72605C8724BA521B6A28E9B7232FFDB1108B9 ] VIPAppService   C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
10:32:03.0516 0x210c  VIPAppService - ok
10:32:03.0532 0x210c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:32:03.0563 0x210c  vmbus - ok
10:32:03.0563 0x210c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:32:03.0578 0x210c  VMBusHID - ok
10:32:03.0594 0x210c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:32:03.0610 0x210c  volmgr - ok
10:32:03.0625 0x210c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:32:03.0641 0x210c  volmgrx - ok
10:32:03.0672 0x210c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:32:03.0688 0x210c  volsnap - ok
10:32:03.0703 0x210c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:32:03.0719 0x210c  vsmraid - ok
10:32:03.0797 0x210c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:32:03.0859 0x210c  VSS - ok
10:32:03.0859 0x210c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:32:03.0875 0x210c  vwifibus - ok
10:32:03.0890 0x210c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:32:03.0906 0x210c  vwififlt - ok
10:32:03.0906 0x210c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:32:03.0922 0x210c  vwifimp - ok
10:32:03.0937 0x210c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:32:03.0968 0x210c  W32Time - ok
10:32:04.0000 0x210c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:32:04.0000 0x210c  WacomPen - ok
10:32:04.0031 0x210c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:32:04.0046 0x210c  WANARP - ok
10:32:04.0062 0x210c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:32:04.0078 0x210c  Wanarpv6 - ok
10:32:04.0124 0x210c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:32:04.0156 0x210c  wbengine - ok
10:32:04.0171 0x210c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:32:04.0187 0x210c  WbioSrvc - ok
10:32:04.0202 0x210c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:32:04.0218 0x210c  wcncsvc - ok
10:32:04.0234 0x210c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:32:04.0249 0x210c  WcsPlugInService - ok
10:32:04.0265 0x210c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
10:32:04.0265 0x210c  Wd - ok
10:32:04.0327 0x210c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:32:04.0343 0x210c  Wdf01000 - ok
10:32:04.0374 0x210c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:32:04.0374 0x210c  WdiServiceHost - ok
10:32:04.0390 0x210c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:32:04.0390 0x210c  WdiSystemHost - ok
10:32:04.0436 0x210c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
10:32:04.0452 0x210c  WebClient - ok
10:32:04.0530 0x210c  [ 507D80C0ACCC3B4FC123BD99D0AF3F97, 09AF6BBAFEA01B0A108C2EFE019F3D8ACA89C2C9D2DEB5F7E83F4E9971BAD338 ] WebUpdate4      C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
10:32:04.0561 0x210c  WebUpdate4 - ok
10:32:04.0577 0x210c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:32:04.0639 0x210c  Wecsvc - ok
10:32:04.0655 0x210c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:32:04.0686 0x210c  wercplsupport - ok
10:32:04.0686 0x210c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:32:04.0717 0x210c  WerSvc - ok
10:32:04.0748 0x210c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:32:04.0764 0x210c  WfpLwf - ok
10:32:04.0780 0x210c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:32:04.0780 0x210c  WIMMount - ok
10:32:04.0795 0x210c  WinDefend - ok
10:32:04.0795 0x210c  WinHttpAutoProxySvc - ok
10:32:04.0858 0x210c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:32:04.0873 0x210c  Winmgmt - ok
10:32:04.0951 0x210c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:32:05.0014 0x210c  WinRM - ok
10:32:05.0045 0x210c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
10:32:05.0060 0x210c  WinUsb - ok
10:32:05.0092 0x210c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:32:05.0107 0x210c  Wlansvc - ok
10:32:05.0154 0x210c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:32:05.0154 0x210c  wlcrasvc - ok
10:32:05.0248 0x210c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:32:05.0279 0x210c  wlidsvc - ok
10:32:05.0310 0x210c  WMCoreService - ok
10:32:05.0341 0x210c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:32:05.0357 0x210c  WmiAcpi - ok
10:32:05.0388 0x210c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:32:05.0404 0x210c  wmiApSrv - ok
10:32:05.0419 0x210c  WMPNetworkSvc - ok
10:32:05.0450 0x210c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:32:05.0466 0x210c  WPCSvc - ok
10:32:05.0482 0x210c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:32:05.0497 0x210c  WPDBusEnum - ok
10:32:05.0513 0x210c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:32:05.0528 0x210c  ws2ifsl - ok
10:32:05.0544 0x210c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
10:32:05.0560 0x210c  wscsvc - ok
10:32:05.0560 0x210c  WSearch - ok
10:32:05.0653 0x210c  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:32:05.0700 0x210c  wuauserv - ok
10:32:05.0716 0x210c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:32:05.0747 0x210c  WudfPf - ok
10:32:05.0762 0x210c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:32:05.0778 0x210c  WUDFRd - ok
10:32:05.0809 0x210c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:32:05.0825 0x210c  wudfsvc - ok
10:32:05.0840 0x210c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:32:05.0856 0x210c  WwanSvc - ok
10:32:05.0872 0x210c  [ 747DA6EE261B3760201D7738E0FD59B8, B32F8CB8F112FA1C067AEE1615882C6FAFAB671347A44E37C4B476DF3DC7B430 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
10:32:05.0887 0x210c  WwanUsbServ - ok
10:32:06.0012 0x210c  [ D2FE4103450E52CB248D842501F84B90, 0775E540B5ACEE6FA90FC7BE87F45EB005F6593CDA252D64EBC509A350DDA038 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
10:32:06.0059 0x210c  ZeroConfigService - ok
10:32:06.0074 0x210c  ================ Scan global ===============================
10:32:06.0106 0x210c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
10:32:06.0152 0x210c  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
10:32:06.0168 0x210c  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
10:32:06.0199 0x210c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:32:06.0246 0x210c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
10:32:06.0262 0x210c  [ Global ] - ok
10:32:06.0262 0x210c  ================ Scan MBR ==================================
10:32:06.0277 0x210c  [ FE2CEF994787ACC87A640B5C5171A8DF ] \Device\Harddisk0\DR0
10:32:06.0558 0x210c  \Device\Harddisk0\DR0 - ok
10:32:06.0558 0x210c  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
10:32:20.0785 0x210c  \Device\Harddisk1\DR1 - ok
10:32:20.0785 0x210c  ================ Scan VBR ==================================
10:32:20.0785 0x210c  [ 40C37684D94646DA6497CB2C56942A8E ] \Device\Harddisk0\DR0\Partition1
10:32:20.0785 0x210c  \Device\Harddisk0\DR0\Partition1 - ok
10:32:20.0832 0x210c  [ 2633F1D97F666FF659085477FFA421C1 ] \Device\Harddisk0\DR0\Partition2
10:32:20.0832 0x210c  \Device\Harddisk0\DR0\Partition2 - ok
10:32:20.0832 0x210c  [ F637DE8C9612A3A7CE99ACD122B42970 ] \Device\Harddisk0\DR0\Partition3
10:32:20.0832 0x210c  \Device\Harddisk0\DR0\Partition3 - ok
10:32:20.0832 0x210c  [ D235282A75F547FE9B4511AD471714D6 ] \Device\Harddisk1\DR1\Partition1
10:32:20.0848 0x210c  \Device\Harddisk1\DR1\Partition1 - ok
10:32:20.0848 0x210c  ================ Scan generic autorun ======================
10:32:21.0128 0x210c  [ 768E8D93FC15F11F37134CCA62973E4B, 70FF22A12FE5BB3BFED9F222667F53ADB23E82329549B657F4AB450616F44988 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:32:21.0300 0x210c  RTHDVCPL - ok
10:32:21.0347 0x210c  [ 813EE7316A9B44303D97DDE00626A527, 745F361D9EE969FC836D3D8B909BC9216471351AE828D2B3B6406245854FE01A ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:32:21.0362 0x210c  RtHDVBg_Dolby - ok
10:32:21.0394 0x210c  [ 448FE6C931EE040404A20EC721C184B0, B83322CDD84A58F87CC3F5C9FC9C48C5E27B4B6A915C0C82ED53350AD866BED1 ] C:\Windows\system32\hkcmd.exe
10:32:21.0394 0x210c  HotKeysCmds - ok
10:32:21.0409 0x210c  [ 7A37463E3ED901A784E5934CD724998D, 1AAC8059B0C7A65A5B421F92F1D055A52BDD36877365FA003C1BA1712C0519A5 ] C:\Windows\system32\igfxpers.exe
10:32:21.0425 0x210c  Persistence - ok
10:32:21.0425 0x210c  SynTPEnh - ok
10:32:21.0440 0x210c  [ CA169D8C33B5C7D38F146146D635BB5A, 0F7C021BD92ECFF8FEE5D1D1F5920E85B53C1DE7874F21CEBCF9E9F2BD0590BF ] C:\Windows\system32\TpShocks.exe
10:32:21.0440 0x210c  TpShocks - ok
10:32:21.0487 0x210c  [ 98D545CE59F64C2C4D005A4A61BB0835, 22EEE378BF46A12E910429DECA5D68E38319A6BC20FEF3E2D7BC450D9141658A ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
10:32:21.0518 0x210c  LENOVO.TPKNRRES - ok
10:32:21.0596 0x210c  [ 3D0AA1C5F67BAC9ED036FB6C815562C6, 6563601CAFA7BC11DD6FD666195C0DA58E646D685C6F5063081086C96F8A9F43 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
10:32:21.0612 0x210c  AcWin7Hlpr - ok
10:32:21.0659 0x210c  [ 0307536FD43CC7BFB92F9DAC8DB913F1, 6C8BEDA4ADFBEF28E647B39B3EEA37A20BFE5C93C7EDA79471EFB46156197843 ] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
10:32:21.0674 0x210c  RotateImage - detected UnsignedFile.Multi.Generic ( 1 )
10:32:24.0233 0x210c  Detect skipped due to KSN trusted
10:32:24.0233 0x210c  RotateImage - ok
10:32:24.0280 0x210c  [ 6BA8D86746935498D64CB5CF6286F2EB, E47D1DEE39451428344233DB15412BCB486C4F6FE1D0426F20AA4C6245387926 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
10:32:24.0311 0x210c  USB3MON - ok
10:32:24.0358 0x210c  [ F442241ED1840450DE1572BAAACC0EE0, 8878637DF4475BA967120470037CFDB147C46D8B4ED1661D4379D30EB3341135 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
10:32:24.0373 0x210c  IMSS - ok
10:32:24.0420 0x210c  [ EFC77110B674E4F0945E7E85E2EAAB7C, F6CC7D74C45A9EDAC81E97EB225DD1465A640A6DF79605A468C1C381FB12D5F4 ] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
10:32:24.0436 0x210c  Dolby Advanced Audio v2 - ok
10:32:24.0436 0x210c  PWMTRV - ok
10:32:24.0482 0x210c  [ 47C1DE0A890613FFCFF1D67648EEDF90, 5821567D7DD99623257AEA794023EF4200E6E17FD09656B40D97C44A35C701BB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:32:24.0498 0x210c  Adobe ARM - ok
10:32:24.0576 0x210c  [ 885A81A05F749897A455F439E302F1BD, F4CF5980A7CE5449CF5CF1586AE0FCDE0F4C640CBDD0FE5C1870412017A3CB29 ] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
10:32:24.0607 0x210c  Fastboot - ok
10:32:24.0732 0x210c  [ B3E053ED10DD568A3B292241F1A74D32, 62606F78FF968D7DF3EF04CD146749B525AEC9C438E9A897DA48F05577659DB2 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
10:32:24.0841 0x210c  Lenovo Registration - ok
10:32:25.0028 0x210c  [ AA5781B52C1E26FE48565118007B3C97, 7E13BC1BC3A0FB848B7017A9E45051CFA09A5418AFE312D6917477668594CC18 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
10:32:25.0091 0x210c  KiesTrayAgent - ok
10:32:25.0169 0x210c  [ CA3BC92AF8FCDB85C06AFB5E70D29BFA, E7FC1E740001A4ACE8F652A74F7F85514D4F352D39F4D0043F914F074A2F55BC ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
10:32:25.0184 0x210c  IJNetworkScanUtility - ok
10:32:25.0262 0x210c  [ EE476C51FE76EAAA1496446B97ED7F5E, 1ECF454A38A6BDE5DD93AD3F09DCCBD36F748F23094F31FC2EB50A1FA7D9BED1 ] C:\Program Files (x86)\QNAP\NetBak\NetBak.exe
10:32:25.0309 0x210c  QNAP_NASNetBak - detected UnsignedFile.Multi.Generic ( 1 )
10:32:27.0868 0x210c  Detect skipped due to KSN trusted
10:32:27.0868 0x210c  QNAP_NASNetBak - ok
10:32:27.0930 0x210c  [ 0360ACCC97132C5051189C9D9370309E, 113CE9B2B7FE1E0C6A0937E05E157BC98C7142F01E1D1EAA2A905A8D6B8E967D ] C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
10:32:27.0946 0x210c  MobileAccess - ok
10:32:28.0024 0x210c  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
10:32:28.0039 0x210c  iTunesHelper - ok
10:32:28.0148 0x210c  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
10:32:28.0180 0x210c  avgnt - ok
10:32:28.0258 0x210c  [ A8E69DA21AEEB9DAA55D90E87AC1A549, 175AF750A1DF53555D0CB6C61312CEE37E2CB182873041A8AE38C57EA01DC2F5 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
10:32:28.0273 0x210c  Avira SystrayStartTrigger - ok
10:32:28.0351 0x210c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:32:28.0398 0x210c  Sidebar - ok
10:32:28.0429 0x210c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:32:28.0445 0x210c  mctadmin - ok
10:32:28.0460 0x210c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:32:28.0492 0x210c  Sidebar - ok
10:32:28.0492 0x210c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:32:28.0507 0x210c  mctadmin - ok
10:32:28.0523 0x210c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:32:28.0554 0x210c  Sidebar - ok
10:32:28.0554 0x210c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:32:28.0570 0x210c  mctadmin - ok
10:32:28.0616 0x210c  [ D548DFFFB69136C9CB7A4F754C40264D, 0AF2424E8D74EA4AE8404128CB44F1EBF1B22ADCF80192971F0F6FCB47D8ABA9 ] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
10:32:28.0648 0x210c  KiesHelper - ok
10:32:28.0648 0x210c  KiesAirMessage - ok
10:32:28.0710 0x210c  [ 4E1ECCEF5A912FC3DC950CDFE2CA961B, 515B64AE2FE6E9C28F8951F879E4E7CC47BFD07A9BD4AA5450B66BEC0572C1E9 ] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
10:32:28.0710 0x210c  KiesPDLR - ok
10:32:28.0710 0x210c  Waiting for KSN requests completion. In queue: 27
10:32:29.0724 0x210c  Waiting for KSN requests completion. In queue: 27
10:32:30.0738 0x210c  Waiting for KSN requests completion. In queue: 27
10:32:31.0799 0x210c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
10:32:31.0814 0x210c  Win FW state via NFP2: enabled ( trusted )
10:32:34.0388 0x210c  ===============================
10:32:34.0388 0x210c  Scan finished
10:32:34.0388 0x210c  ===========================
10:32:34.0388 0x2194  Detected object count: 0
10:32:34.0388 0x2194  Actual detected object count: 0
10:32:51.0876 0x12a8  Deinitialize success
         
Regards, Armin

Alt 23.11.2015, 13:33   #8
schrauber
/// the machine
/// TB trainer
 


Is there another computer?
__________________
Regards,
schrauber


Alt 23.11.2015, 19:01   #9
adressle
 

Hello,
the third one is my company laptop, on which I have no admin rights at all.
I don't know whether it is even a candidate, because everything on it really only goes through a VPN tunnel to the company...
Thank you for your support. A donation will follow.
Have a nice week, and regards,
Armin

Alt 24.11.2015, 21:15   #10
schrauber
/// the machine
/// TB trainer
 


It is still possible. I don't see anything on the other two.
__________________
Regards,
schrauber

