Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Browser leitet stendig auf falsche Java-Seiten um (https://www.trojaner-board.de/150199-browser-leitet-stendig-falsche-java-seiten-um.html)

Rena-Dango 23.02.2014 20:09
Browser leitet stendig auf falsche Java-Seiten um
 
Liste der Anhänge anzeigen (Anzahl: 1)
Also...Hallo erstmal. Dies ist mein erster Post in diesem Forum also bitte vergebt mir wenn ich etwas falsch mache und weist mich darauf hin.

Ich habe jetzt schon seit Monaten das Problem das mein Browser (ich benutze Google Chrome) mich uhrploetzlich auf falsche Java Seiten umleitet auf denen immer zu lesen ist ich habe eine veraltete Java-Version und solle sie updaten (ich haenge einen Screenshot an zum besseren Verstaendnis).

Anhang 65093

Als ich dieses Problem das erste Mal hatte habe ich es einfach weggeklickt und dachte es waere damit gegessen. Als das aber dann immer wieder passierte und auch immer oefter habe ich mich in meiner Verzweiflung an ein Forum gewendet das mir schon einmal bei einer anderen Infektion weitergeholfen hat (Bleepingcomputer). Mir wurde geholfen und darauf war das problem fuer einige Wochen geloest. Leider passiert es jetzt seit ein Paar Tagen wieder. (Was mir auch Sorgen bereitet ist das ein Freund von mir ploetzlich das selbe Problem hat obwohl wir keinerlei Datenaustausch haben....).

Wie auch beim letzten Mal hat mein Anti-virus Programm (Kaspersky) keinerlei Anzeichen auf eine Infektion gegeben. Als ich den Computer aber gescannt habe schlug es an. Angeblich sei ich mit einem Trojaner infiziert der wenn ich mich recht erinnere "Trojan.Win32.AntiFW.b" hiess. Leider weiss ich nicht wo ich die Log-Files von Kaspersky finden kann.

Waehrend des scans hiess es noch der Trojaner konnte nicht desinfiziert werden. Am Ende jedoch stand dann, der Trojaner waere beseitigt. Um sicher zu sein habe ich einen erneuten Scan gemacht. Nichts gefunden. Da die weiterleitungen aber trotzdem immer wieder auftauchen wende ich mich jetzt an dieses Forum. Ich mache mir ernsthaft Sorgen, denn bis jetzt konnte mir niemand dauerhaft helfen und den Datenbanken zufolge soll der "Trojan.Win32.AntiFW.b" zu den wirklich Schlimmen gehoeren...

Ich habe also die Schritte befolgt die hier auf dem Forum aufgefuehrt sind um die Log-Files zusammen zu stellen....Als ich alle Log-Files hatte habe ich meinen Laptop zugeklappt (also nur in den sleep-mode versetzt) um spaeter das Thema zu erstellen...Nur als ich zurueckkam war der Laptop AUS. Als ich ihn wiederangemacht habe kam eine Pop-up. Irgendwas mit "unexpected shutdown" was ja eigentlich nur passiert wenn ploetzlich die Stromzufuhr weg ist oder dergleichen...Was jedoch nicht der Fall war :(

Tut mir Leid das ich hier so viel schreibe, aber ich dachte jede Info koennte hilfreich sein.

Es folgen die Log-files:

defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 23/02/2014 (Rena)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 01
Ran by Rena (administrator) on RENA-PC on 23-02-2014 18:21:17
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(xwidget.com) C:\Program Files (x86)\XWidget\xwidget.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Rena\Downloads\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [NCsoft Launcher] - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [xwidget] - C:\Program Files (x86)\XWidget\xwidget.exe [1811968 2013-06-09] (xwidget.com)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1822400 2014-02-20] (Valve Corporation)
Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-06-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2012-10-28]
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2012-10-04]
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc [2012-06-19]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-11-19]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-06-24]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-18] (Kaspersky Lab ZAO)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X]
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-18] (Kaspersky Lab ZAO)
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 18:20 - 2014-02-23 18:21 - 00000000 ____D () C:\FRST
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 02:07 - 2014-02-23 02:09 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 17:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 17:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 17:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 17:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 17:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 17:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 17:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 17:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 17:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 17:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 17:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 17:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 17:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 17:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 17:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 17:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 17:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 17:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 17:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 17:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 17:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 17:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 17:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 16:39 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 16:39 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 16:39 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 16:37 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 16:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 16:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 16:36 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 16:36 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 16:36 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 16:36 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-02-23 18:21 - 2014-02-23 18:20 - 00000000 ____D () C:\FRST
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 18:17 - 2012-06-18 06:22 - 00000000 ____D () C:\Users\Rena
2014-02-23 18:10 - 2012-06-18 19:29 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Skype
2014-02-23 17:46 - 2011-11-05 19:33 - 00001198 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 17:29 - 2013-06-13 21:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-23 16:46 - 2011-11-05 19:33 - 00001194 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 16:41 - 2011-11-05 18:58 - 01792987 _____ () C:\windows\WindowsUpdate.log
2014-02-23 13:43 - 2012-08-21 12:49 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\.minecraft
2014-02-23 12:22 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 12:22 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 12:19 - 2009-07-14 06:13 - 00005156 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-23 12:15 - 2013-11-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-23 12:15 - 2013-06-18 23:41 - 00937148 _____ () C:\FaceProv.log
2014-02-23 12:15 - 2012-06-20 12:20 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\WTablet
2014-02-23 12:15 - 2011-11-05 19:46 - 00513572 _____ () C:\windows\system32\fastboot.set
2014-02-23 12:15 - 2011-11-05 19:39 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-23 12:13 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-23 12:12 - 2013-06-15 21:58 - 00023476 _____ () C:\windows\setupact.log
2014-02-23 02:09 - 2014-02-23 02:07 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 18:50 - 2011-11-05 19:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-02-21 16:07 - 2012-06-18 20:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-16 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-02-16 01:55 - 2013-08-04 01:51 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 01:53 - 2012-09-20 21:12 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 16:41 - 2011-11-05 19:33 - 00004194 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 16:41 - 2011-11-05 19:33 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 16:13 - 2013-02-16 17:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 16:13 - 2012-06-18 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 21:52 - 2012-10-24 16:36 - 00000000 ____D () C:\Users\Rena\AppData\Local\CrashDumps
2014-02-10 22:45 - 2012-06-19 11:09 - 00000000 ____D () C:\Users\Rena\Documents\My Games
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2013-07-21 13:15 - 00219709 _____ () C:\windows\DirectX.log
2014-02-10 15:57 - 2013-11-01 23:06 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-09 16:29 - 2013-07-21 13:23 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Bioshock
2014-02-06 13:16 - 2014-02-13 17:03 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 17:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 17:03 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 17:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 17:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 17:03 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 17:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 17:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 17:03 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 17:03 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 17:03 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 17:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 17:03 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 17:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 17:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 17:03 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 17:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 17:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 17:03 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 17:03 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 17:03 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 17:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 17:03 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 17:03 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 17:03 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 17:03 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 17:03 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 17:03 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-01 23:12 - 2012-06-19 20:19 - 00000000 ____D () C:\Users\Rena\.gimp-2.8
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Rena\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Rena\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Rena\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Rena\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Rena\AppData\Local\Temp\Quarantine.exe
C:\Users\Rena\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rena\AppData\Local\Temp\VMSetup2.0.0.115.exe
C:\Users\Rena\AppData\Local\Temp\VMSetup2.0.0.92.exe
C:\Users\Rena\AppData\Local\Temp\_is5A01.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 12:46

==================== End Of Log ============================
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 01
Ran by Rena at 2014-02-23 18:22:00
Running from C:\Users\Rena\Downloads\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{C3E6E2B5-DEB5-235A-4999-4D424C11788B}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.813.3.2-110324a-116588C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVStoDVD 2.6.0 (HKLM-x32\...\AVStoDVD) (Version: 2.6.0 - MrC)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0324.2228.38483 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help English (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help French (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help German (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
ccc-utility64 (Version: 2011.0324.2228.38483 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Contrast (HKLM-x32\...\Steam App 224460) (Version:  - Compulsion Games)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.30 - Philipp Winterberg)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.338 - Happy Cloud, Inc.)
IconPackager (HKLM-x32\...\IconPackager) (Version: 5.10 - Stardock Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaai Yuki Vocaloid3 Library (HKLM-x32\...\Kaai Yuki Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Megurine Luka ENG Vocaloid3 Library (HKLM-x32\...\Megurine Luka ENG Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Megurine Luka JPN Vocaloid3 Library (HKLM-x32\...\Megurine Luka JPN Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nero Burning ROM (x32 Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (HKLM-x32\...\{4AC7B4F3-1B75-4BA7-82C4-F9A22B430A3D}) (Version: 12.5.00900 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oliver Vocaloid3 Library (HKLM-x32\...\Oliver Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.5 - En Masse Entertainment)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
UTAU 歌声合成ツール (HKLM-x32\...\{E36514A0-3E41-4E2B-9377-4F687A63A02B}) (Version: 1.1.17 - 飴屋プロジェクト)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vocaloid3 Free Edition v3.0.5.0 (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 - )
Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XMedia Recode Version 3.1.6.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.0 - XMedia Recode)
XWidget Ver1.84 (HKLM-x32\...\{A6E16998-A241-438F-A916-5CD59B5506C0}_is1) (Version:  - XWidget Software)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

04-02-2014 15:06:31 Windows Update
07-02-2014 17:02:36 Windows Update
10-02-2014 18:31:31 Installed DirectX
11-02-2014 15:24:27 Windows Update
13-02-2014 16:02:43 Windows Update
16-02-2014 00:53:16 Windows Update
21-02-2014 11:58:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {059B84EC-AD00-44B9-840E-22C8E21E39DD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {3A40D76B-2B18-4B17-8C00-48B29F975296} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {615A1C8E-3999-4B37-883B-D630F1317E55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {82672F44-3F99-48FA-8468-34CFD3078286} - \NCH Software\videopadShakeIcon No Task File
Task: {8B8F8DC3-F7D5-4B4A-B181-B7FFC9243CD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {CF1E27F3-0E8D-4A57-850F-CDA8577F52DE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {F16AA0EA-D095-49A5-B7F5-551D7CED5212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-05 19:39 - 2011-11-05 19:39 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-11-05 19:39 - 2011-11-05 19:39 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2010-12-14 19:05 - 2010-12-14 19:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2011-11-05 19:08 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 04:20 - 2011-11-05 19:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-05 19:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-02-23 18:12 - 2014-02-23 18:12 - 00050477 _____ () C:\Users\Rena\Downloads\Desktop\Defogger.exe
2012-08-17 20:39 - 2013-06-18 22:30 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-06-24 00:39 - 2009-08-12 11:09 - 00077824 _____ () C:\Program Files (x86)\XWidget\Res\Lib\lib.dll
2014-01-08 17:47 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 17:47 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-10-24 09:45 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-30 11:25 - 2014-02-20 00:07 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-11-05 19:39 - 2011-11-05 19:39 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-02-14 12:41 - 2014-02-14 12:41 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aeb07412ad41bff851002a4cd8ed97d1\IsdiInterop.ni.dll
2011-11-05 19:08 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-21 18:50 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 18:50 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-21 18:50 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-21 18:50 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 18:50 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 18:50 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\windows\system32\Drivers\hxhrcall.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2014 00:59:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/23/2014 00:19:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/23/2014 00:19:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/23/2014 00:16:43 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/23/2014 00:14:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:39:32 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC


System errors:
=============
Error: (02/23/2014 02:39:49 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (02/22/2014 01:51:19 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (02/21/2014 06:13:08 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.

Error: (02/20/2014 00:07:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.

Error: (02/20/2014 10:22:58 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (02/20/2014 10:22:58 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (02/19/2014 01:42:39 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (02/18/2014 11:32:00 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/18/2014 11:31:58 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/18/2014 00:09:02 AM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}


Microsoft Office Sessions:
=========================
Error: (02/23/2014 00:59:57 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/23/2014 00:19:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/23/2014 00:19:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (02/23/2014 00:16:43 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/23/2014 00:14:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:39:32 AM) (Source: ATIeRecord)(User: )
Description:

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord)(User: )
Description:

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord)(User: )
Description:

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord)(User: )
Description:

Error: (02/23/2014 02:39:23 AM) (Source: ATIeRecord)(User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2014-02-23 13:00:49.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 13:00:49.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 13:00:49.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 13:00:49.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 13:00:49.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-23 13:00:49.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 18:44:22.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 18:44:22.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 18:44:22.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-21 18:44:22.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 4039.86 MB
Available physical RAM: 1904.93 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 5143.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:453.63 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:12.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BA3C67D8)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-23 18:43:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Rena\AppData\Local\Temp\kxldrpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                        fffff800035f9000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                        fffff800035f902f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey        000000007750faa8 5 bytes JMP 00000001738619e8
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  0000000077510038 5 bytes JMP 000000017386209e
.text    C:\Program Files (x86)\Steam\Steam.exe[3624] C:\windows\syswow64\KERNELBASE.dll!HeapCreate                                                000000007542549c 5 bytes JMP 00000001001f0800
.text    C:\Program Files (x86)\Steam\Steam.exe[3624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69                                      0000000075f51465 2 bytes [F5, 75]
.text    C:\Program Files (x86)\Steam\Steam.exe[3624] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155                                    0000000075f514bb 2 bytes [F5, 75]
.text    ...                                                                                                                                      * 2
.text    C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe[3816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075f51465 2 bytes [F5, 75]
.text    C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe[3816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000075f514bb 2 bytes [F5, 75]
.text    ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\windows\system32\svchost.exe [820:2088]                                                                                                000007fef80238e4
Thread    C:\windows\system32\svchost.exe [820:2080]                                                                                                000007fef802ccc4
Thread    C:\windows\System32\spoolsv.exe [1568:2860]                                                                                              000007fef77f10c8
Thread    C:\windows\System32\spoolsv.exe [1568:2864]                                                                                              000007fef77b6144
Thread    C:\windows\System32\spoolsv.exe [1568:2868]                                                                                              000007fef75a5fd0
Thread    C:\windows\System32\spoolsv.exe [1568:2872]                                                                                              000007fef7593438
Thread    C:\windows\System32\spoolsv.exe [1568:2876]                                                                                              000007fef75a63ec
Thread    C:\windows\System32\spoolsv.exe [1568:2884]                                                                                              000007fef7885e5c
Thread    C:\windows\System32\spoolsv.exe [1568:2888]                                                                                              000007fef78b5074
Thread    C:\windows\system32\svchost.exe [1596:1620]                                                                                              000007fefcb21a70
Thread    C:\windows\system32\svchost.exe [1596:1624]                                                                                              000007fefcb21a70
Thread    C:\windows\system32\svchost.exe [1596:1636]                                                                                              000007fefcb21a70
Thread    C:\windows\system32\svchost.exe [1596:1644]                                                                                              000007fef9672c70
Thread    C:\windows\system32\svchost.exe [1596:1652]                                                                                              000007fef967fb40
Thread    C:\windows\system32\svchost.exe [1596:1664]                                                                                              000007fef9691d20
Thread    C:\windows\system32\svchost.exe [1596:1668]                                                                                              000007fef967f6f0
Thread    C:\windows\system32\svchost.exe [1596:2056]                                                                                              000007fef93835c0
Thread    C:\windows\system32\svchost.exe [1596:2520]                                                                                              000007fef9385600
Thread    C:\windows\system32\svchost.exe [1596:2112]                                                                                              000007fef81d2940
Thread    C:\windows\system32\svchost.exe [1596:2704]                                                                                              000007fef8612888
Thread    C:\windows\system32\svchost.exe [1596:6272]                                                                                              000007fef8612a40
Thread    C:\windows\SysWOW64\ntdll.dll [4004:4008]                                                                                                00000000012e13c5
Thread    C:\windows\SysWOW64\ntdll.dll [4004:4208]                                                                                                00000000712f786a
Thread    C:\windows\SysWOW64\ntdll.dll [4004:4340]                                                                                                00000000698a0716
Thread    C:\windows\system32\svchost.exe [4668:4712]                                                                                              000007fef6348470
Thread    C:\windows\system32\svchost.exe [4668:4716]                                                                                              000007fef6352418
Thread    C:\windows\system32\svchost.exe [4668:4896]                                                                                              000007fef75a5fd0
Thread    C:\windows\system32\svchost.exe [4668:4900]                                                                                              000007fef75a63ec
Thread    C:\windows\system32\svchost.exe [4668:2968]                                                                                              000007feeeb0f130
Thread    C:\windows\system32\svchost.exe [4668:3380]                                                                                              000007feeeb04734
Thread    C:\windows\system32\svchost.exe [4668:7084]                                                                                              000007feeeb04734
Thread    C:\windows\System32\svchost.exe [6092:5068]                                                                                              000007fee9129688

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3a8db                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3a8db@60d0a9049164                                                  0x1E 0x21 0x3F 0x0A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3a8db@0023f1915b2e                                                  0x75 0xA0 0x93 0x36 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819e3a8db@8c71f89da3ee                                                  0x5C 0xA2 0xDA 0x88 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3a8db (not active ControlSet)                                         
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3a8db@60d0a9049164                                                      0x1E 0x21 0x3F 0x0A ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3a8db@0023f1915b2e                                                      0x75 0xA0 0x93 0x36 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819e3a8db@8c71f89da3ee                                                      0x5C 0xA2 0xDA 0x88 ...

---- EOF - GMER 2.1 ----
Ich bin fuer jede Hilfe unglaublich dankbar !!!

schrauber 24.02.2014 07:49
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Rena-Dango 24.02.2014 17:18
Hallo und vielen Dank fuer deine Hilfe!

Hier ist die Log-Datei von Combofix:

Code:
ComboFix 14-02-24.01 - Rena 24.02.2014  16:57:56.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1033.18.4040.2446 [GMT 1:00]
ausgeführt von:: c:\users\Rena\Downloads\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rena\AppData\Local\assembly\tmp
c:\users\Rena\AppData\Roaming\inst.exe
c:\windows\s.bat
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-01-24 bis 2014-02-24  ))))))))))))))))))))))))))))))
.
.
2014-02-24 16:05 . 2014-02-24 16:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-02-23 17:20 . 2014-02-23 17:22        --------        d-----w-        C:\FRST
2014-02-22 00:51 . 2014-02-24 16:00        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE94FF7-279E-4901-8A1F-6D8130918E46}\offreg.dll
2014-02-21 14:54 . 2014-02-21 14:54        --------        d-----w-        c:\users\Rena\AppData\Roaming\Oracle
2014-02-21 11:59 . 2014-02-06 09:01        10536864        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CE94FF7-279E-4901-8A1F-6D8130918E46}\mpengine.dll
2014-02-13 16:04 . 2013-12-21 09:53        548864        ----a-w-        c:\windows\system32\vbscript.dll
2014-02-13 16:04 . 2013-12-21 08:56        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-02-13 15:39 . 2013-12-06 02:30        1882112        ----a-w-        c:\windows\system32\msxml3.dll
2014-02-13 15:39 . 2013-12-06 02:02        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2014-02-13 15:39 . 2013-12-06 02:30        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2014-02-13 15:39 . 2013-12-06 02:02        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2014-02-13 15:36 . 2013-12-24 23:09        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-02-13 15:36 . 2013-12-24 22:48        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-02-13 15:36 . 2013-11-26 08:16        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2014-02-13 15:36 . 2013-11-22 22:48        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2014-02-10 18:34 . 2014-02-10 18:34        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2014-02-10 18:34 . 2014-02-10 18:34        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2014-02-10 18:33 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\SysWow64\D3DX9_43.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 00:53 . 2012-09-20 20:12        88567024        ----a-w-        c:\windows\system32\MRT.exe
2013-12-18 20:09 . 2014-01-17 14:30        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 05:13 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2013-12-10 20:46 . 2012-08-02 13:09        29792        ----a-w-        c:\windows\system32\drivers\klim6.sys
2013-12-10 20:46 . 2012-06-19 15:28        458336        ----a-w-        c:\windows\system32\drivers\kl1.sys
2013-12-03 22:33 . 2013-12-03 22:33        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 22:33 . 2013-12-03 22:33        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-12-03 22:33 . 2013-12-03 22:33        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-12-03 22:33 . 2013-12-03 22:33        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 22:33 . 2013-12-03 22:33        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-12-03 22:33 . 2013-12-03 22:33        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 22:33 . 2013-12-03 22:33        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-12-03 22:33 . 2013-12-03 22:33        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-12-03 22:33 . 2013-12-03 22:33        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-12-03 22:33 . 2013-12-03 22:33        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-12-03 22:33 . 2013-12-03 22:33        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-12-03 22:33 . 2013-12-03 22:33        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 22:33 . 2013-12-03 22:33        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 22:33 . 2013-12-03 22:33        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-12-03 22:33 . 2013-12-03 22:33        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-12-03 22:33 . 2013-12-03 22:33        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-12-03 22:33 . 2013-12-03 22:33        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 22:33 . 2013-12-03 22:33        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-12-03 22:33 . 2013-12-03 22:33        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-12-03 22:33 . 2013-12-03 22:33        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-12-03 22:33 . 2013-12-03 22:33        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-12-03 22:33 . 2013-12-03 22:33        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-12-03 22:33 . 2013-12-03 22:33        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-12-03 22:33 . 2013-12-03 22:33        413696        ----a-w-        c:\windows\system32\html.iec
2013-12-03 22:33 . 2013-12-03 22:33        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 22:33 . 2013-12-03 22:33        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-12-03 22:33 . 2013-12-03 22:33        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 22:33 . 2013-12-03 22:33        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-12-03 22:33 . 2013-12-03 22:33        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-12-03 22:33 . 2013-12-03 22:33        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-12-03 22:33 . 2013-12-03 22:33        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-12-03 22:33 . 2013-12-03 22:33        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-12-03 22:33 . 2013-12-03 22:33        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-12-03 22:33 . 2013-12-03 22:33        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-12-03 22:33 . 2013-12-03 22:33        235520        ----a-w-        c:\windows\system32\url.dll
2013-12-03 22:33 . 2013-12-03 22:33        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-12-03 22:33 . 2013-12-03 22:33        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-12-03 22:33 . 2013-12-03 22:33        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-12-03 22:33 . 2013-12-03 22:33        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-12-03 22:33 . 2013-12-03 22:33        147968        ----a-w-        c:\windows\system32\occache.dll
2013-12-03 22:33 . 2013-12-03 22:33        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-12-03 22:33 . 2013-12-03 22:33        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-12-03 22:33 . 2013-12-03 22:33        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-12-03 22:33 . 2013-12-03 22:33        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-12-03 22:33 . 2013-12-03 22:33        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-12-03 22:33 . 2013-12-03 22:33        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-12-03 22:33 . 2013-12-03 22:33        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-12-03 22:33 . 2013-12-03 22:33        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-12-03 22:33 . 2013-12-03 22:33        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 22:33 . 2013-12-03 22:33        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-12-03 22:33 . 2013-12-03 22:33        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 22:33 . 2013-12-03 22:33        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-27 01:41 . 2014-01-15 17:11        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 17:11        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 17:11        53248        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 17:11        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 17:11        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 17:11        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 17:11        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2013-11-11 21:03 . 2013-11-11 21:05        727029        ----a-w-        c:\program files (x86)\unins000.exe
2012-07-21 13:28 . 2013-11-11 21:06        306783        ----a-w-        c:\program files (x86)\activation_tool.exe
2012-07-21 10:55 . 2013-11-11 21:06        9873920        ----a-w-        c:\program files (x86)\VOCALOID3.exe
2012-07-15 11:37 . 2013-11-11 21:05        7962624        ----a-w-        c:\program files (x86)\DSE3.dll
2012-07-12 10:22 . 2013-11-11 21:05        423424        ----a-w-        c:\program files (x86)\DSCL3.dll
2012-07-12 09:59 . 2013-11-11 21:05        137728        ----a-w-        c:\program files (x86)\dbm3.dll
2012-05-21 15:41 . 2013-11-11 21:06        124416        ----a-w-        c:\program files (x86)\g2pa3_CHS.dll
2012-04-24 09:19 . 2013-11-11 21:06        624640        ----a-w-        c:\program files (x86)\Vsq3.dll
2012-04-16 10:02 . 2013-11-11 21:06        177152        ----a-w-        c:\program files (x86)\VstHost3.dll
2012-04-16 10:00 . 2013-11-11 21:06        136704        ----a-w-        c:\program files (x86)\vedit3.dll
2012-04-16 09:58 . 2013-11-11 21:06        76288        ----a-w-        c:\program files (x86)\udm3_eng.dll
2011-11-16 09:46 . 2013-11-11 21:06        245248        ----a-w-        c:\program files (x86)\g2pa3_ESP.dll
2011-11-11 14:23 . 2013-11-11 21:06        160256        ----a-w-        c:\program files (x86)\g2pa3_KOR.dll
2011-11-10 18:56 . 2013-11-11 21:06        4886528        ----a-w-        c:\program files (x86)\g2pa3_ENG.dll
2011-10-31 19:34 . 2013-11-11 21:06        117760        ----a-w-        c:\program files (x86)\g2pa3_JPN.dll
2011-10-31 09:16 . 2013-11-11 21:06        1888256        ----a-w-        c:\program files (x86)\xerces-c_3_1.dll
2011-10-31 09:16 . 2013-11-11 21:06        24229376        ----a-w-        c:\program files (x86)\DSE3_DFT.dll
2011-10-20 17:00 . 2013-11-11 21:06        4479832        ----a-w-        c:\program files (x86)\vcredist_x86.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-06-09 1811968]
"Akamai NetSession Interface"="c:\users\Rena\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-19 1822400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-05 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-09 356128]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys;c:\windows\SYSNATIVE\DRIVERS\avfsfilter.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys;c:\windows\SYSNATIVE\DRIVERS\mcdevice.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe;c:\windows\SYSNATIVE\Wacom_Tablet.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 17:47        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 18:33]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 18:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-11-05 18:39        1508192        ----a-w-        c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-05 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-05 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-05 5908928]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NCsoft Launcher - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
Wow6432Node-HKLM-Run-NCUpdateHelper - c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe
AddRemove-AVStoDVD - c:\program files (x86)\AVStoDVD\uninst.exe
AddRemove-ExpressBurn - c:\program files (x86)\NCH Software\ExpressBurn\expressburn.exe
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-{AC77F21D-5A14-99BA-0EFA-96915CD3EFC5} - c:\progra~3\INSTAL~1\{57E3C~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-595379271-2033000612-2640346619-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2f,da,e1,ce,a3,46,1a,2a,f8,27,31,da,3d,1a,f0,30,6f,70,c5,75,15,b8,e8,
  e4,93,39,e4,ed,25,34,62,84,b0,1e,a8,3b,02,0d,f5,d1,2d,4d,3e,c8,af,6f,b7,62,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-24  17:07:57
ComboFix-quarantined-files.txt  2014-02-24 16:07
.
Vor Suchlauf: 489.244.221.440 bytes free
Nach Suchlauf: 494.398.132.224 bytes free
.
- - End Of File - - B38B545C8E80B32EAF57FF911A271300

schrauber 25.02.2014 13:08
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Rena-Dango 25.02.2014 22:01
Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Rena :: RENA-PC [Administrator]

25.02.2014 19:12:18
mbam-log-2014-02-25 (19-12-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395013
Laufzeit: 1 Stunde(n), 29 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
AdwCleaner-log
Code:
# AdwCleaner v3.019 - Report created 25/02/2014 at 21:29:02
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rena - RENA-PC
# Running from : C:\Users\Rena\Downloads\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\TechSmith
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
Folder Deleted : C:\Program Files (x86)\TechSmith
Folder Deleted : C:\Users\Rena\AppData\Local\TechSmith
Folder Deleted : C:\Users\Rena\AppData\Roaming\TechSmith
File Deleted : C:\windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3246 octets] - [31/12/2013 15:40:13]
AdwCleaner[R1].txt - [1811 octets] - [25/02/2014 21:26:23]
AdwCleaner[S0].txt - [3078 octets] - [31/12/2013 15:41:00]
AdwCleaner[S1].txt - [1756 octets] - [25/02/2014 21:29:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1816 octets] ##########
JRT :

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rena on 25.02.2014 at 21:37:42,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2014 at 21:44:33,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Rena (administrator) on RENA-PC on 25-02-2014 21:48:28
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(xwidget.com) C:\Program Files (x86)\XWidget\xwidget.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [xwidget] - C:\Program Files (x86)\XWidget\xwidget.exe [1811968 2013-06-09] (xwidget.com)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-24] (Valve Corporation)
Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-06-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2012-10-28]
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2012-10-04]
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc [2012-06-19]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-11-19]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-06-24]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X]
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-18] (Kaspersky Lab ZAO)
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-25 19:06 - 2014-02-25 19:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 19:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-24 17:07 - 2014-02-24 17:07 - 00026001 _____ () C:\ComboFix.txt
2014-02-24 16:55 - 2014-02-24 17:08 - 00000000 ____D () C:\Qoobox
2014-02-24 16:55 - 2014-02-24 17:06 - 00000000 ____D () C:\windows\erdnt
2014-02-24 16:55 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-02-24 16:55 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-02-24 16:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 18:20 - 2014-02-25 21:48 - 00000000 ____D () C:\FRST
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 02:07 - 2014-02-23 02:09 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 17:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 17:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 17:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 17:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 17:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 17:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 17:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 17:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 17:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 17:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 17:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 17:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 17:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 17:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 17:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 17:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 17:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 17:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 17:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 17:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 17:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 17:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 17:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 16:39 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 16:39 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 16:39 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 16:37 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 16:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 16:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 16:36 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 16:36 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 16:36 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 16:36 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-02-25 21:48 - 2014-02-23 18:20 - 00000000 ____D () C:\FRST
2014-02-25 21:46 - 2011-11-05 19:33 - 00001198 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-25 21:39 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 21:39 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 21:35 - 2009-07-14 06:13 - 00005156 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-25 21:34 - 2013-06-13 21:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-25 21:33 - 2013-11-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-25 21:32 - 2012-06-18 19:29 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Skype
2014-02-25 21:31 - 2013-06-18 23:41 - 00951147 _____ () C:\FaceProv.log
2014-02-25 21:31 - 2013-06-15 21:58 - 00023700 _____ () C:\windows\setupact.log
2014-02-25 21:31 - 2012-09-24 22:04 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-02-25 21:31 - 2011-11-05 19:46 - 00262480 _____ () C:\windows\system32\fastboot.set
2014-02-25 21:31 - 2011-11-05 19:39 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-25 21:31 - 2011-11-05 19:33 - 00001194 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 21:31 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-25 21:30 - 2011-11-05 18:58 - 01877929 _____ () C:\windows\WindowsUpdate.log
2014-02-25 21:29 - 2013-12-31 15:19 - 00000000 ____D () C:\AdwCleaner
2014-02-25 19:06 - 2014-02-25 19:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 19:06 - 2013-06-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 17:32 - 2012-06-20 12:20 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\WTablet
2014-02-25 17:31 - 2013-06-16 16:57 - 00008686 _____ () C:\windows\PFRO.log
2014-02-24 17:08 - 2014-02-24 16:55 - 00000000 ____D () C:\Qoobox
2014-02-24 17:07 - 2014-02-24 17:07 - 00026001 _____ () C:\ComboFix.txt
2014-02-24 17:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-24 17:06 - 2014-02-24 16:55 - 00000000 ____D () C:\windows\erdnt
2014-02-24 17:06 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-02-23 21:45 - 2012-08-21 12:49 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\.minecraft
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 19:36 - 2013-06-30 15:59 - 701251290 _____ () C:\windows\MEMORY.DMP
2014-02-23 19:36 - 2012-06-30 20:53 - 00000000 ____D () C:\windows\Minidump
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 18:17 - 2012-06-18 06:22 - 00000000 ____D () C:\Users\Rena
2014-02-23 02:09 - 2014-02-23 02:07 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 18:50 - 2011-11-05 19:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-02-21 16:07 - 2012-06-18 20:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-16 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-02-16 01:55 - 2013-08-04 01:51 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 01:53 - 2012-09-20 21:12 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 16:41 - 2011-11-05 19:33 - 00004194 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 16:41 - 2011-11-05 19:33 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 16:13 - 2013-02-16 17:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 16:13 - 2012-06-18 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 21:52 - 2012-10-24 16:36 - 00000000 ____D () C:\Users\Rena\AppData\Local\CrashDumps
2014-02-10 22:45 - 2012-06-19 11:09 - 00000000 ____D () C:\Users\Rena\Documents\My Games
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2013-07-21 13:15 - 00219709 _____ () C:\windows\DirectX.log
2014-02-10 15:57 - 2013-11-01 23:06 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-09 16:29 - 2013-07-21 13:23 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Bioshock
2014-02-06 13:16 - 2014-02-13 17:03 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 17:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 17:03 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 17:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 17:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 17:03 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 17:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 17:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 17:03 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 17:03 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 17:03 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 17:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 17:03 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 17:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 17:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 17:03 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 17:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 17:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 17:03 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 17:03 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 17:03 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 17:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 17:03 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 17:03 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 17:03 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 17:03 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 17:03 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 17:03 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-01 23:12 - 2012-06-19 20:19 - 00000000 ____D () C:\Users\Rena\.gimp-2.8
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Rena\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 12:46

==================== End Of Log ============================
--- --- ---

schrauber 26.02.2014 16:29

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Rena-Dango 01.03.2014 18:16
Da ich mehr externe Driver habe als Schnittstellen habe ich den ESET-Scan zwei mal gemacht. Der Log vom 2ten Scan scheint aber den vom 1sten ersetzt zu haben. Muss ich den 1sten jetzt nochmal machen? Ich hab erstmal darauf verzichtet da er die ganze Nacht lief letztes Mal. Aber wenn er wichtig ist mache ich es noch.

Erstmal der Log vom 2ten scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a718218fe0c69c42b71ba3691937e670
# engine=17256
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-28 02:28:10
# local_time=2014-02-28 03:28:10 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 28225 48324412 0 0
# compatibility_mode=5893 16776573 100 94 118997 145184340 0 0
# scanned=197182
# found=0
# cleaned=0
# scan_time=23752
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a718218fe0c69c42b71ba3691937e670
# engine=17280
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-01 12:53:00
# local_time=2014-03-01 01:53:00 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 24244 48448302 0 0
# compatibility_mode=5893 16776573 100 94 62088 145308230 0 0
# scanned=192543
# found=0
# cleaned=0
# scan_time=4783
Securitycheck:

Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 51 
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.107 
 Google Chrome 33.0.1750.117 
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
Ran by Rena (administrator) on RENA-PC on 01-03-2014 17:30:43
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(xwidget.com) C:\Program Files (x86)\XWidget\xwidget.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [xwidget] - C:\Program Files (x86)\XWidget\xwidget.exe [1811968 2013-06-09] (xwidget.com)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-06-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2012-10-28]
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2012-10-04]
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc [2012-06-19]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-11-19]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-06-24]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-18] (Kaspersky Lab ZAO)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X]
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-18] (Kaspersky Lab ZAO)
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 20:48 - 2014-02-27 20:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-27 19:41 - 2014-02-27 19:41 - 00000000 ____D () C:\Users\Rena\AppData\Local\Skype
2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-25 19:06 - 2014-02-25 19:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 19:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-24 17:07 - 2014-02-24 17:07 - 00026001 _____ () C:\ComboFix.txt
2014-02-24 16:55 - 2014-02-24 17:08 - 00000000 ____D () C:\Qoobox
2014-02-24 16:55 - 2014-02-24 17:06 - 00000000 ____D () C:\windows\erdnt
2014-02-24 16:55 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-02-24 16:55 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-02-24 16:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-02-24 16:55 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 18:20 - 2014-03-01 17:30 - 00000000 ____D () C:\FRST
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 02:07 - 2014-02-23 02:09 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 17:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 17:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 17:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-13 17:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-13 17:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-13 17:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-13 17:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-13 17:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-13 17:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-13 17:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-13 17:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-13 17:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-13 17:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-13 17:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-13 17:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-13 17:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-13 17:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-13 17:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-13 17:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-13 17:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-13 17:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-13 17:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-13 17:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-13 17:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-13 17:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-13 17:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-13 17:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-13 17:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-13 17:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-13 17:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-13 17:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 16:39 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 16:39 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 16:39 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 16:37 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 16:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 16:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 16:36 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 16:36 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 16:36 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 16:36 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-03-01 17:30 - 2014-02-23 18:20 - 00000000 ____D () C:\FRST
2014-03-01 17:19 - 2013-06-13 21:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-01 17:11 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 17:11 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 17:08 - 2011-11-05 18:58 - 01997685 _____ () C:\windows\WindowsUpdate.log
2014-03-01 17:07 - 2009-07-14 06:13 - 00006250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-01 17:04 - 2012-09-24 22:04 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-01 17:04 - 2011-11-05 19:46 - 00569868 _____ () C:\windows\system32\fastboot.set
2014-03-01 17:03 - 2013-11-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-01 17:03 - 2013-06-18 23:41 - 00968000 _____ () C:\FaceProv.log
2014-03-01 17:03 - 2013-06-15 21:58 - 00024036 _____ () C:\windows\setupact.log
2014-03-01 17:03 - 2011-11-05 19:39 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-01 17:03 - 2011-11-05 19:33 - 00001194 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 17:03 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-01 15:09 - 2012-06-18 19:29 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Skype
2014-03-01 14:46 - 2011-11-05 19:33 - 00001198 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 08:09 - 2012-06-20 12:20 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\WTablet
2014-02-27 20:48 - 2014-02-27 20:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-27 19:41 - 2014-02-27 19:41 - 00000000 ____D () C:\Users\Rena\AppData\Local\Skype
2014-02-27 19:40 - 2013-02-16 17:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 19:40 - 2012-06-18 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-26 18:13 - 2013-06-16 16:57 - 00109858 _____ () C:\windows\PFRO.log
2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-25 21:29 - 2013-12-31 15:19 - 00000000 ____D () C:\AdwCleaner
2014-02-25 19:06 - 2014-02-25 19:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 19:06 - 2013-06-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-24 17:08 - 2014-02-24 16:55 - 00000000 ____D () C:\Qoobox
2014-02-24 17:07 - 2014-02-24 17:07 - 00026001 _____ () C:\ComboFix.txt
2014-02-24 17:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-24 17:06 - 2014-02-24 16:55 - 00000000 ____D () C:\windows\erdnt
2014-02-24 17:06 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-02-23 21:45 - 2012-08-21 12:49 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\.minecraft
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 19:36 - 2013-06-30 15:59 - 701251290 _____ () C:\windows\MEMORY.DMP
2014-02-23 19:36 - 2012-06-30 20:53 - 00000000 ____D () C:\windows\Minidump
2014-02-23 18:17 - 2014-02-23 18:17 - 00000000 _____ () C:\Users\Rena\defogger_reenable
2014-02-23 18:17 - 2012-06-18 06:22 - 00000000 ____D () C:\Users\Rena
2014-02-23 02:09 - 2014-02-23 02:07 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 18:50 - 2011-11-05 19:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-02-21 16:07 - 2012-06-18 20:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-16 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-02-16 01:55 - 2013-08-04 01:51 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 01:53 - 2012-09-20 21:12 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 16:41 - 2011-11-05 19:33 - 00004194 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 16:41 - 2011-11-05 19:33 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 21:52 - 2012-10-24 16:36 - 00000000 ____D () C:\Users\Rena\AppData\Local\CrashDumps
2014-02-10 22:45 - 2012-06-19 11:09 - 00000000 ____D () C:\Users\Rena\Documents\My Games
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-10 19:34 - 2014-02-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-10 19:33 - 2013-07-21 13:15 - 00219709 _____ () C:\windows\DirectX.log
2014-02-10 15:57 - 2013-11-01 23:06 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-09 16:29 - 2013-07-21 13:23 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Bioshock
2014-02-06 13:16 - 2014-02-13 17:03 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 17:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 17:03 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 17:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 17:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 17:03 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 17:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 17:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 17:03 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 17:03 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 17:03 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 17:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 17:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 17:03 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 17:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 17:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 17:03 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 17:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 17:03 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 17:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 17:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 17:03 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 17:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 17:03 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 17:03 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 17:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 17:03 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 17:03 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 17:03 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 17:03 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 17:03 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 17:03 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-01 23:12 - 2012-06-19 20:19 - 00000000 ____D () C:\Users\Rena\.gimp-2.8
2014-02-01 23:11 - 2014-02-01 23:11 - 00003414 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Rena\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 04:01

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Zitat:
Noch Probleme?
Hm, also bist jetzt ist die komische "Java"-Seite nicht nochmal aufgetaucht.

schrauber 02.03.2014 18:18
Passt schon. Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Rena-Dango 06.03.2014 21:19
Also ich hab alles erledigt!

Vielen vielen Dank fuer deine Hilfe !!!

Meine Frage jetzt waere noch: Was war denn das ueberhaupt was ich da auf meinem Pc hatte?
War es sehr schlimm? Und wie ist es moeglich das sich meine Freunde das gleiche einfangen ohne das irgendwelcher Datenaustausch zwischen uns besteht? (Falls das alles ueberhaupt aus den Logs hervorgeht. Ich bin da ja leider nicht sehr bewandert..)

schrauber 07.03.2014 19:05
Adware und Kram. Habt Ihr vielleicht auf der gleichen nicht so sauberen Seite Sachen geladen?

Rena-Dango 07.03.2014 20:52
Kann eigentlich nicht sein, da er wegen seinem extrem alten und langsamen Pc nichts mehr downloadet. Er befindet sich immer nur auf vertrauenswuerdigen Seiten. Zu 99% Youtube. (Und selbst das schafft sein Pc nur noch grade so)

schrauber 08.03.2014 17:10
Naja, Youtube als vertrauenswürdig zu bezeichnen is teilweise schon mutig ;)

Rena-Dango 09.03.2014 23:45
Wieso das? Ich hab noch nie gehoert das sich jemals jemand auf youtube allein durch das schauen von Videos etwas eingefangen haette..

schrauber 10.03.2014 17:08
Du kennst diese netten Addons in den Videos, wo man per Klick gleich zum nächsten Video weitergeleitet wird, oder zu einer Seite. Die Dinger kann man auch verstecken ;)

Rena-Dango 10.03.2014 20:22
Ach das meinst du. Ja klar, das ist ein Risiko. Allerdings auch nur wenn man Videos von nicht vertrauenswuerdigen Personen schaut. Und selbst wenn man irgendwelche Videos schaut. Mittlerweile zeigt Youtube die Ramen von den Teilen an, also muss man schon ziemlich bescheuert sein wenn man da einfach draufklickt. Ist mir auch noch nie passiert.

schrauber 11.03.2014 13:32
Als Beispiel:

Caphaw Trojan Found in Youtube Ads | Emsisoft Blog

Rena-Dango 12.03.2014 23:21
Achso du meintest die Werbung. Sollte heutzutage nicht jeder wissen das man nicht auf Ads klickt, egal auf welcher Seite man sich befindet? Die Risiken sind ueberall, man kann halt nur so gut wie moeglich versuchen sie zu umgehen. Und ich gebe mir was das geht wirklich alle Muehe.

Trotzdem Danke fuer die interessante Info.

schrauber 13.03.2014 13:36
Ja sollte man, aber ich erlebe täglich das Gegenteil :)

Rena-Dango 15.03.2014 10:51
Ja glaub ich dir :(

Okey ich fuerchte ich habe ein ernstes Problem...Kaspersky hat sich grade eben ploetzlich von allein ausgeschaltet, meine Firewall ebenso, und dann wurde mir angezeigt mein Lizensschluessel koennte nicht ueberprueft werden. Ich hab sofort den Pc ausgemacht, im Safemode gestartet, Firewall angeschaltet, Kaspersky wieder gestartet, geupdatet, Lizenschluessel wieder Aktiv. Irgendwas stimmt hier ganz gewaltig nicht. Muss ich einen neues Thema deswegen aufmachen? Das macht mir grad ziemlich Angst :(

Edit: Ich habe eine ganz boese Ahnung....Ich glaube es ist ein Rootkit :( Kaspersky hat schon selbst jetzt mit einer Root-kit Suche begonnen. 108 Dateien gescannt, angeblich nichts gefunden...

Edit:Mir ist eingefallen das bevor mir das passiert ist das System sich geupdatet hatte. Kann es sein das das gar kein regulaeres Update war?

Ich habe versucht einen Scan mit dem McAfee rootkitremover zu machen.

Code:
[ TimeStamp: 20140314 235403 ]Rootkit Remover v0.8.9.171 [Feb 11 2014 - 16:35:32]
McAfee Labs.

Windows build 6.1.7601 x64 Service Pack 1
Checking for updates ...


Scanning for user-mode threats ...
WARNING: Unable to load kernel-mode driver
Please ensure to run this tool as administrator.

Scanning for kernel-mode threats ...
    Scan Result --> No trojan or viruses found!
Scan Finished
Unable to load kernel-mode driver?
Ich habe definitiv als administrator ausgefuehrt.
Das ist doch nicht normal oder?

Achja und TdssKiller hat auch nichts gefunden...

Sorry wenn ich etwas panisch reagiere ;_; Ich habe nur diesen einen Pc und ohne den bin ich gewaltig aufgeschmissen...

schrauber 15.03.2014 17:31
Immer locker bleiben. Poste mal ein frisches FRST log.

Rena-Dango 15.03.2014 21:23
Okey :(



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Rena (administrator) on RENA-PC on 15-03-2014 21:20:10
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(xwidget.com) C:\Program Files (x86)\XWidget\xwidget.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Akamai Technologies, Inc.) C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\system32\wbem\WMIADAP.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [xwidget] - C:\Program Files (x86)\XWidget\xwidget.exe [1811968 2013-06-09] (xwidget.com)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Rena\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-595379271-2033000612-2640346619-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-06-18]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2012-10-28]
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2012-10-04]
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc [2012-06-19]
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc [2012-11-19]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-06-24]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Rena\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X]
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 MFE_RR; \??\C:\Users\Rena\AppData\Local\Temp\mfe_rr.sys [X]
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 21:19 - 2014-03-15 21:20 - 00000000 ____D () C:\FRST
2014-03-15 12:53 - 2014-03-15 12:53 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-03-15 00:09 - 2014-03-15 00:09 - 00380416 _____ () C:\Users\Rena\Downloads\rgy6ti4h.exe
2014-03-14 23:44 - 2014-03-14 23:44 - 00000000 ____D () C:\Users\Rena\Downloads\tdsskiller
2014-03-14 23:43 - 2014-03-14 23:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Rena\Downloads\tdsskiller.exe
2014-03-14 23:01 - 2014-03-14 23:01 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 23:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-13 19:52 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-13 19:51 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-13 19:51 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-13 19:51 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-13 19:51 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-13 19:51 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-13 19:50 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-13 19:50 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-13 19:50 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-13 19:50 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-13 19:50 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-13 19:50 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-13 19:50 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-13 19:50 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-13 19:50 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-13 19:50 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-13 19:50 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-13 19:50 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-13 19:50 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-13 19:50 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-13 19:50 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-13 19:50 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-13 19:50 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-13 19:50 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-13 19:50 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-13 19:50 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-13 19:50 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-13 19:50 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-13 19:50 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-13 19:50 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-13 19:50 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-13 19:50 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-13 19:50 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-13 19:50 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-13 19:50 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-13 19:50 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-13 19:50 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-13 19:50 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-13 19:50 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-13 19:50 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-13 19:50 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-13 19:50 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-13 19:50 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-13 19:50 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-13 19:47 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-13 19:47 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-13 19:46 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 19:46 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-10 22:57 - 2014-03-11 19:29 - 00000000 ____D () C:\Program Files (x86)\DMO
2014-03-10 21:45 - 2014-03-10 22:39 - 760347378 _____ () C:\Users\Rena\Downloads\DMO_Install_20130409.exe
2014-03-07 23:24 - 2014-03-07 23:24 - 00007600 _____ () C:\Users\Rena\AppData\Local\Resmon.ResmonCfg
2014-03-07 20:42 - 2014-03-07 21:22 - 02206190 _____ () C:\Users\Rena\Documents\AutoSave_Unbenannt.skp
2014-03-06 21:10 - 2014-03-06 21:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-06 20:46 - 2014-03-06 20:46 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-06 20:46 - 2014-03-06 20:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-06 20:46 - 2014-03-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-06 20:33 - 2014-03-06 20:33 - 00000000 ____D () C:\Users\Rena\AppData\Local\Secunia PSI
2014-03-06 20:33 - 2014-03-06 20:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-06 20:31 - 2014-03-06 20:32 - 05329480 _____ (Secunia) C:\Users\Rena\Downloads\PSISetup_3.0.0.9016.exe
2014-03-06 20:05 - 2014-03-06 20:06 - 00001396 _____ () C:\DelFix.txt
2014-03-06 19:06 - 2014-03-06 19:06 - 00002725 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel
2014-02-27 19:41 - 2014-02-27 19:41 - 00000000 ____D () C:\Users\Rena\AppData\Local\Skype
2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-24 16:55 - 2014-03-06 20:03 - 00000000 ____D () C:\windows\erdnt
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 02:07 - 2014-02-23 02:09 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 17:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 17:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 16:39 - 2014-01-01 00:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 16:39 - 2014-01-01 00:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 16:39 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 16:39 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 16:37 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 16:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 16:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 16:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 16:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 16:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 16:36 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 16:36 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 16:36 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 16:36 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-15 21:20 - 2014-03-15 21:19 - 00000000 ____D () C:\FRST
2014-03-15 21:19 - 2011-11-05 18:58 - 01700626 _____ () C:\windows\WindowsUpdate.log
2014-03-15 21:18 - 2013-06-13 21:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-15 21:16 - 2013-11-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-15 21:16 - 2012-06-18 19:29 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Skype
2014-03-15 21:16 - 2011-11-05 19:39 - 00000000 ____D () C:\ProgramData\VeriFace
2014-03-15 21:15 - 2013-06-18 23:41 - 01025991 _____ () C:\FaceProv.log
2014-03-15 21:15 - 2013-06-15 21:58 - 00025884 _____ () C:\windows\setupact.log
2014-03-15 21:15 - 2012-06-20 12:20 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\WTablet
2014-03-15 21:15 - 2011-11-05 19:46 - 00534346 _____ () C:\windows\system32\fastboot.set
2014-03-15 21:15 - 2011-11-05 19:33 - 00001194 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-15 14:46 - 2011-11-05 19:33 - 00001198 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 12:53 - 2014-03-15 12:53 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-03-15 12:26 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:26 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:24 - 2009-07-14 06:13 - 00006250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-15 10:42 - 2013-06-16 16:57 - 00114000 _____ () C:\windows\PFRO.log
2014-03-15 00:09 - 2014-03-15 00:09 - 00380416 _____ () C:\Users\Rena\Downloads\rgy6ti4h.exe
2014-03-14 23:44 - 2014-03-14 23:44 - 00000000 ____D () C:\Users\Rena\Downloads\tdsskiller
2014-03-14 23:43 - 2014-03-14 23:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Rena\Downloads\tdsskiller.exe
2014-03-14 23:01 - 2014-03-14 23:01 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 23:01 - 2013-06-13 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:51 - 2012-08-02 20:13 - 00000000 ____D () C:\Fraps
2014-03-14 22:37 - 2012-09-24 22:04 - 00000434 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-14 22:02 - 2009-07-14 05:45 - 02383320 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 22:01 - 2013-03-14 21:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 22:01 - 2013-03-14 21:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:26 - 2013-02-16 17:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 19:29 - 2014-03-10 22:57 - 00000000 ____D () C:\Program Files (x86)\DMO
2014-03-10 23:01 - 2012-06-25 17:27 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-03-10 22:39 - 2014-03-10 21:45 - 760347378 _____ () C:\Users\Rena\Downloads\DMO_Install_20130409.exe
2014-03-10 17:49 - 2012-06-18 19:05 - 00000000 ____D () C:\Users\Rena\Documents\Youcam
2014-03-07 23:24 - 2014-03-07 23:24 - 00007600 _____ () C:\Users\Rena\AppData\Local\Resmon.ResmonCfg
2014-03-07 21:22 - 2014-03-07 20:42 - 02206190 _____ () C:\Users\Rena\Documents\AutoSave_Unbenannt.skp
2014-03-07 13:55 - 2012-06-18 06:23 - 00117616 _____ () C:\Users\Rena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 21:11 - 2014-03-06 21:10 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-06 21:09 - 2012-06-18 06:23 - 00000000 ___RD () C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-06 20:46 - 2014-03-06 20:46 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-06 20:46 - 2014-03-06 20:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-06 20:46 - 2014-03-06 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-06 20:45 - 2012-08-08 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-06 20:40 - 2012-06-18 21:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-06 20:40 - 2012-06-18 21:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-06 20:33 - 2014-03-06 20:33 - 00000000 ____D () C:\Users\Rena\AppData\Local\Secunia PSI
2014-03-06 20:33 - 2014-03-06 20:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-06 20:32 - 2014-03-06 20:31 - 05329480 _____ (Secunia) C:\Users\Rena\Downloads\PSISetup_3.0.0.9016.exe
2014-03-06 20:06 - 2014-03-06 20:05 - 00001396 _____ () C:\DelFix.txt
2014-03-06 20:05 - 2013-12-31 15:51 - 00000000 ____D () C:\windows\ERUNT
2014-03-06 20:03 - 2014-02-24 16:55 - 00000000 ____D () C:\windows\erdnt
2014-03-06 20:00 - 2012-06-18 06:22 - 00000000 ____D () C:\Users\Rena
2014-03-06 19:30 - 2012-06-19 20:19 - 00000000 ____D () C:\Users\Rena\.gimp-2.8
2014-03-06 19:06 - 2014-03-06 19:06 - 00002725 _____ () C:\Users\Rena\AppData\Local\recently-used.xbel
2014-03-04 17:50 - 2011-11-05 19:33 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-03-01 18:23 - 2012-08-21 12:49 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\.minecraft
2014-03-01 07:05 - 2014-03-13 19:50 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 19:50 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 19:50 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 19:51 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 19:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 19:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 19:50 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 19:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 19:50 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 19:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 19:50 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 19:50 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 19:50 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 19:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 19:50 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 19:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 19:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 19:50 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 19:50 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 19:50 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 19:50 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 19:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:43 - 2014-03-13 19:50 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:42 - 2014-03-13 19:50 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 19:50 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 19:50 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 19:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 19:50 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 19:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 19:50 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 19:50 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 19:50 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 19:50 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 19:50 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 19:50 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 19:50 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 19:50 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 19:50 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 19:50 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 19:41 - 2014-02-27 19:41 - 00000000 ____D () C:\Users\Rena\AppData\Local\Skype
2014-02-27 19:40 - 2012-06-18 19:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-25 21:44 - 2014-02-25 21:44 - 00000624 _____ () C:\Users\Rena\Desktop\JRT.txt
2014-02-24 17:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-24 17:06 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-02-23 19:36 - 2014-02-23 19:36 - 00924536 _____ () C:\windows\Minidump\022314-21543-01.dmp
2014-02-23 19:36 - 2013-06-30 15:59 - 701251290 _____ () C:\windows\MEMORY.DMP
2014-02-23 19:36 - 2012-06-30 20:53 - 00000000 ____D () C:\windows\Minidump
2014-02-23 02:09 - 2014-02-23 02:07 - 16532765 _____ () C:\Users\Rena\Downloads\[1.7] Dokucraft_TSC_Light.zip
2014-02-21 16:07 - 2012-06-18 20:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-21 15:54 - 2014-02-21 15:54 - 00000000 ____D () C:\Users\Rena\AppData\Roaming\Oracle
2014-02-16 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-02-16 01:55 - 2013-08-04 01:51 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 01:53 - 2012-09-20 21:12 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-14 17:24 - 2014-02-14 17:24 - 00675988 _____ () C:\Users\Rena\Downloads\Minecraft.exe
2014-02-13 16:41 - 2011-11-05 19:33 - 00004194 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 16:41 - 2011-11-05 19:33 - 00003942 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Rena\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-15 14:38

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Rena at 2014-03-15 21:20:46
Running from C:\Users\Rena\Downloads\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{C3E6E2B5-DEB5-235A-4999-4D424C11788B}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.813.3.2-110324a-116588C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVStoDVD 2.6.0 (HKLM-x32\...\AVStoDVD) (Version: 2.6.0 - MrC)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0324.2228.38483 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help English (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help French (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help German (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0324.2227.38483 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0324.2228.38483 - ATI) Hidden
ccc-utility64 (Version: 2011.0324.2228.38483 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Contrast (HKLM-x32\...\Steam App 224460) (Version:  - Compulsion Games)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.30 - Philipp Winterberg)
GDMO (HKLM-x32\...\DMO) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.338 - Happy Cloud, Inc.)
IconPackager (HKLM-x32\...\IconPackager) (Version: 5.10 - Stardock Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaai Yuki Vocaloid3 Library (HKLM-x32\...\Kaai Yuki Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Megurine Luka ENG Vocaloid3 Library (HKLM-x32\...\Megurine Luka ENG Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Megurine Luka JPN Vocaloid3 Library (HKLM-x32\...\Megurine Luka JPN Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nero Burning ROM (x32 Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (HKLM-x32\...\{4AC7B4F3-1B75-4BA7-82C4-F9A22B430A3D}) (Version: 12.5.00900 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oliver Vocaloid3 Library (HKLM-x32\...\Oliver Vocaloid3 Library_is1) (Version: Vocaloid3 Library - Voronov Nikolay)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.5 - En Masse Entertainment)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
UTAU 歌声合成ツール (HKLM-x32\...\{E36514A0-3E41-4E2B-9377-4F687A63A02B}) (Version: 1.1.17 - 飴屋プロジェクト)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vocaloid3 Free Edition v3.0.5.0 (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 - )
Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XMedia Recode Version 3.1.6.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.0 - XMedia Recode)
XWidget Ver1.84 (HKLM-x32\...\{A6E16998-A241-438F-A916-5CD59B5506C0}_is1) (Version:  - XWidget Software)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

06-03-2014 19:05:59 End of disinfection
11-03-2014 15:07:36 Windows Update
13-03-2014 21:20:27 Windows Update
15-03-2014 11:51:59 Removed Aeria Ignite

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-24 17:05 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {059B84EC-AD00-44B9-840E-22C8E21E39DD} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {3A40D76B-2B18-4B17-8C00-48B29F975296} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {615A1C8E-3999-4B37-883B-D630F1317E55} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8B8F8DC3-F7D5-4B4A-B181-B7FFC9243CD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {CF1E27F3-0E8D-4A57-850F-CDA8577F52DE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {F16AA0EA-D095-49A5-B7F5-551D7CED5212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-05 19:39 - 2011-11-05 19:39 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2011-11-05 19:39 - 2011-11-05 19:39 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2011-11-05 19:08 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 04:20 - 2011-11-05 19:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-05 19:48 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-12-14 19:05 - 2010-12-14 19:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-08-17 20:39 - 2013-06-18 22:30 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-06-24 00:39 - 2009-08-12 11:09 - 00077824 _____ () C:\Program Files (x86)\XWidget\Res\Lib\lib.dll
2014-01-08 17:47 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 17:47 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-10-24 09:45 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-30 11:25 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2011-11-05 19:39 - 2011-11-05 19:39 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-02-14 12:41 - 2014-02-14 12:41 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aeb07412ad41bff851002a4cd8ed97d1\IsdiInterop.ni.dll
2011-11-05 19:08 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 17:50 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\windows\system32\Drivers\hxhrcall.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2014 09:17:38 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 09:16:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2014 09:15:26 PM) (Source: TabletServiceWacom) (User: )
Description: TabletService Error:
Could not init tablet driver

Error: (03/15/2014 02:49:04 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (03/15/2014 02:49:01 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (03/15/2014 00:24:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/15/2014 00:24:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/15/2014 00:20:47 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 00:20:01 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 00:19:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/15/2014 10:42:56 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (03/15/2014 10:42:56 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/15/2014 10:42:56 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/15/2014 10:42:53 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/15/2014 10:42:46 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/15/2014 10:42:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BPntDrv
discache
KLIF
kneps
spldr
Wanarpv6

Error: (03/15/2014 10:42:29 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/14/2014 11:14:24 PM) (Source: DCOM) (User: )
Description: 1084SkypeUpdate/ComService{CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (03/14/2014 10:50:40 PM) (Source: DCOM) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/14/2014 10:43:39 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/15/2014 09:17:38 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 09:16:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2014 09:15:26 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (03/15/2014 02:49:04 PM) (Source: ATIeRecord)(User: )
Description:

Error: (03/15/2014 02:49:01 PM) (Source: ATIeRecord)(User: )
Description:

Error: (03/15/2014 00:24:22 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/15/2014 00:24:22 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (03/15/2014 00:20:47 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 00:20:01 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 00:19:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-15 14:39:46.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:39:46.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:39:46.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:39:46.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:39:46.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 14:39:46.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-06 18:03:26.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-06 18:03:26.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-06 18:03:26.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-06 18:03:26.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 4039.86 MB
Available physical RAM: 1469.24 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 4988.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:458.25 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:12.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BA3C67D8)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 16.03.2014 17:41
kurz zum Verständniss:

Die Firewall von der du redest ist auch die von Kaspersky oder? Also hat sich einfach nur Kaspersky komplett abgeschaltet?

Rena-Dango 16.03.2014 21:03
Kaspersky hat sich nicht ganz ausgeschaltet. Es hat einfach nur den Schutz gestoppt und ihn mich nicht mehr aktivieren lassen weil angeblich kein Zugriff zum Lizenschluessel bestand. Und nein, ich meine die Windows firewall hat sich ausgestellt.

schrauber 17.03.2014 11:48
ok.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Rena-Dango 17.03.2014 18:48
Beide Tools haben nichts gefunden. Soll ich die Logs trotzdem posten?

schrauber 18.03.2014 12:01
Ja bitte.

Rena-Dango 18.03.2014 14:28
Okey.

Code:
18:10:02.0643 0x0f5c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
18:10:07.0447 0x0f5c  ============================================================
18:10:07.0447 0x0f5c  Current date / time: 2014/03/17 18:10:07.0447
18:10:07.0447 0x0f5c  SystemInfo:
18:10:07.0447 0x0f5c 
18:10:07.0447 0x0f5c  OS Version: 6.1.7601 ServicePack: 1.0
18:10:07.0447 0x0f5c  Product type: Workstation
18:10:07.0447 0x0f5c  ComputerName: RENA-PC
18:10:07.0447 0x0f5c  UserName: Rena
18:10:07.0447 0x0f5c  Windows directory: C:\windows
18:10:07.0447 0x0f5c  System windows directory: C:\windows
18:10:07.0447 0x0f5c  Running under WOW64
18:10:07.0447 0x0f5c  Processor architecture: Intel x64
18:10:07.0447 0x0f5c  Number of processors: 4
18:10:07.0447 0x0f5c  Page size: 0x1000
18:10:07.0447 0x0f5c  Boot type: Normal boot
18:10:07.0447 0x0f5c  ============================================================
18:10:07.0648 0x0f5c  KLMD registered as C:\windows\system32\drivers\46436286.sys
18:10:08.0227 0x0f5c  System UUID: {63786E41-85B9-E4C1-BB85-784D493A172E}
18:10:09.0726 0x0f5c  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:09.0730 0x0f5c  ============================================================
18:10:09.0731 0x0f5c  \Device\Harddisk0\DR0:
18:10:09.0731 0x0f5c  MBR partitions:
18:10:09.0731 0x0f5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:10:09.0731 0x0f5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
18:10:09.0832 0x0f5c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
18:10:09.0832 0x0f5c  ============================================================
18:10:10.0146 0x0f5c  C: <-> \Device\Harddisk0\DR0\Partition2
18:10:10.0296 0x0f5c  D: <-> \Device\Harddisk0\DR0\Partition3
18:10:10.0297 0x0f5c  ============================================================
18:10:10.0297 0x0f5c  Initialize success
18:10:10.0297 0x0f5c  ============================================================
18:11:09.0676 0x1670  ============================================================
18:11:09.0676 0x1670  Scan started
18:11:09.0676 0x1670  Mode: Manual; SigCheck; TDLFS;
18:11:09.0676 0x1670  ============================================================
18:11:09.0676 0x1670  KSN ping started
18:11:12.0675 0x1670  KSN ping finished: true
18:11:13.0878 0x1670  ================ Scan system memory ========================
18:11:13.0878 0x1670  System memory - ok
18:11:13.0879 0x1670  ================ Scan services =============================
18:11:14.0862 0x1670  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
18:11:15.0285 0x1670  1394ohci - ok
18:11:15.0533 0x1670  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
18:11:15.0590 0x1670  ACPI - ok
18:11:15.0685 0x1670  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
18:11:15.0981 0x1670  AcpiPmi - ok
18:11:16.0176 0x1670  [ 5BBFF8B826EC38D32C26334E079C7EFC, 673D46409F0225A804B55FFB77E82AF34F8C7A93BEEF92DC3DFAC7EFCC5F09B6 ] ACPIVPC        C:\windows\system32\DRIVERS\AcpiVpc.sys
18:11:16.0239 0x1670  ACPIVPC - ok
18:11:16.0734 0x1670  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:11:16.0790 0x1670  AdobeARMservice - ok
18:11:16.0955 0x1670  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\windows\system32\drivers\adp94xx.sys
18:11:17.0244 0x1670  adp94xx - ok
18:11:17.0498 0x1670  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\windows\system32\drivers\adpahci.sys
18:11:18.0000 0x1670  adpahci - ok
18:11:18.0150 0x1670  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\windows\system32\drivers\adpu320.sys
18:11:18.0200 0x1670  adpu320 - ok
18:11:18.0287 0x1670  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
18:11:19.0317 0x1670  AeLookupSvc - ok
18:11:19.0670 0x1670  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD            C:\windows\system32\drivers\afd.sys
18:11:20.0318 0x1670  AFD - ok
18:11:20.0503 0x1670  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
18:11:20.0583 0x1670  agp440 - ok
18:11:20.0778 0x1670  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\windows\System32\alg.exe
18:11:20.0858 0x1670  ALG - ok
18:11:20.0998 0x1670  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
18:11:21.0032 0x1670  aliide - ok
18:11:21.0193 0x1670  [ A9141F9FE92E67A92B3948635E96CF77, 1479E88C499BB146EA0F8F9C55866A331B7D845A254ECDEC0F928CB4AE3DDEA6 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
18:11:22.0704 0x1670  AMD External Events Utility - ok
18:11:22.0785 0x1670  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
18:11:22.0810 0x1670  amdide - ok
18:11:22.0918 0x1670  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\windows\system32\drivers\amdk8.sys
18:11:22.0980 0x1670  AmdK8 - ok
18:11:23.0557 0x1670  [ 99A33223B2D67A5A8839E373490F8EBC, 23BDC36858A507DFEA400D010267C59B9AD7D72B45D94D34DE6D2C452F3380C3 ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
18:11:24.0572 0x1670  amdkmdag - ok
18:11:24.0938 0x1670  [ 73A3D07343773A4F0881A458D485BE11, A8239F90AA870B271752CCD3ACE53A2992929F8294E0485F5615FCC310188133 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
18:11:25.0082 0x1670  amdkmdap - ok
18:11:25.0118 0x1670  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
18:11:25.0224 0x1670  AmdPPM - ok
18:11:25.0357 0x1670  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\windows\system32\drivers\amdsata.sys
18:11:25.0398 0x1670  amdsata - ok
18:11:25.0603 0x1670  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
18:11:25.0771 0x1670  amdsbs - ok
18:11:25.0964 0x1670  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\windows\system32\drivers\amdxata.sys
18:11:26.0004 0x1670  amdxata - ok
18:11:26.0161 0x1670  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\windows\system32\drivers\appid.sys
18:11:26.0647 0x1670  AppID - ok
18:11:26.0803 0x1670  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
18:11:26.0933 0x1670  AppIDSvc - ok
18:11:27.0208 0x1670  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\windows\System32\appinfo.dll
18:11:27.0305 0x1670  Appinfo - ok
18:11:27.0459 0x1670  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\windows\system32\drivers\arc.sys
18:11:27.0478 0x1670  arc - ok
18:11:27.0563 0x1670  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
18:11:27.0598 0x1670  arcsas - ok
18:11:28.0111 0x1670  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:11:28.0141 0x1670  aspnet_state - ok
18:11:28.0164 0x1670  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
18:11:28.0287 0x1670  AsyncMac - ok
18:11:28.0432 0x1670  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\windows\system32\drivers\atapi.sys
18:11:28.0462 0x1670  atapi - ok
18:11:28.0928 0x1670  [ 782D36BAD8DDBF008D02E055DBE70F82, AFB7A4B52C86A9CA48ED46A2CE5415119F1C75912A0E233EF1CAE120DA534CAE ] athr            C:\windows\system32\DRIVERS\athrx.sys
18:11:29.0463 0x1670  athr - ok
18:11:29.0997 0x1670  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:11:30.0171 0x1670  AudioEndpointBuilder - ok
18:11:30.0538 0x1670  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
18:11:30.0593 0x1670  AudioSrv - ok
18:11:30.0960 0x1670  AVFSFilter - ok
18:11:31.0533 0x1670  [ 15D2DB9BFA8E833ED31FAB2BB088FDDA, 6198C0A5DA01DA146A9A054C3C882A1DBF9BA84466EBFDDA1C1062EF36F9B34B ] AVP            C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
18:11:31.0557 0x1670  AVP - ok
18:11:31.0762 0x1670  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
18:11:32.0062 0x1670  AxInstSV - ok
18:11:32.0244 0x1670  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\windows\system32\drivers\bxvbda.sys
18:11:32.0690 0x1670  b06bdrv - ok
18:11:32.0869 0x1670  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
18:11:33.0181 0x1670  b57nd60a - ok
18:11:33.0387 0x1670  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
18:11:33.0480 0x1670  BDESVC - ok
18:11:33.0610 0x1670  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
18:11:33.0818 0x1670  Beep - ok
18:11:34.0149 0x1670  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\windows\System32\bfe.dll
18:11:34.0255 0x1670  BFE - ok
18:11:34.0671 0x1670  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
18:11:35.0405 0x1670  BITS - ok
18:11:35.0529 0x1670  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
18:11:35.0625 0x1670  blbdrive - ok
18:11:35.0755 0x1670  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
18:11:35.0863 0x1670  bowser - ok
18:11:36.0187 0x1670  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv        C:\windows\system32\drivers\BPntDrv.sys
18:11:36.0341 0x1670  BPntDrv - ok
18:11:36.0465 0x1670  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
18:11:36.0666 0x1670  BrFiltLo - ok
18:11:36.0777 0x1670  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
18:11:36.0824 0x1670  BrFiltUp - ok
18:11:37.0047 0x1670  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
18:11:37.0293 0x1670  BridgeMP - ok
18:11:37.0445 0x1670  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\windows\System32\browser.dll
18:11:37.0560 0x1670  Browser - ok
18:11:37.0758 0x1670  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\windows\System32\Drivers\Brserid.sys
18:11:38.0094 0x1670  Brserid - ok
18:11:38.0211 0x1670  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
18:11:38.0271 0x1670  BrSerWdm - ok
18:11:38.0387 0x1670  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
18:11:38.0586 0x1670  BrUsbMdm - ok
18:11:38.0622 0x1670  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
18:11:38.0685 0x1670  BrUsbSer - ok
18:11:38.0876 0x1670  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
18:11:39.0028 0x1670  BthEnum - ok
18:11:39.0150 0x1670  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
18:11:39.0239 0x1670  BTHMODEM - ok
18:11:39.0438 0x1670  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
18:11:39.0572 0x1670  BthPan - ok
18:11:39.0692 0x1670  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
18:11:39.0766 0x1670  BTHPORT - ok
18:11:39.0932 0x1670  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\windows\system32\bthserv.dll
18:11:39.0999 0x1670  bthserv - ok
18:11:40.0048 0x1670  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
18:11:40.0196 0x1670  BTHUSB - ok
18:11:40.0630 0x1670  [ 9DE56FA4533E485AE5409D3C11747143, 197A3914D75F0FAFC0A7F24CC40C9714ED3FAF84312172BACEBC4FEFA8D1909C ] BTWAMPFL        C:\windows\system32\DRIVERS\btwampfl.sys
18:11:40.0959 0x1670  BTWAMPFL - ok
18:11:41.0314 0x1670  [ F6135859A582A7294BA7A3336E08BAA1, DE30457F91C25950C2713CE3A2AE1F1EFFBB068DD3B0BCC87700E7CBAF73C818 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
18:11:41.0361 0x1670  btwaudio - ok
18:11:41.0624 0x1670  [ 3DEF2370E414B4E299673558BA171A51, 5A0923D9F941ABD34EC9BEE0EB62A62F135CBF128061239CC6EA0E6752791636 ] btwavdt        C:\windows\system32\DRIVERS\btwavdt.sys
18:11:41.0723 0x1670  btwavdt - ok
18:11:42.0636 0x1670  [ 7987FFFDA812ABC69047D1B029D446A2, 666DBA819E148989AA0D1EB704737787CF37E55CB2CA0353C896E7693DA871AB ] btwdins        C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:11:42.0797 0x1670  btwdins - ok
18:11:42.0820 0x1670  [ E8D2BCD080EA91E74775B9F5EA051F97, FE75F765B785E513399D2B449CA068DA5BBB3B27C2E21740DFCB8C6E6B810028 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
18:11:42.0833 0x1670  btwl2cap - ok
18:11:42.0982 0x1670  [ 9937E0E4DFC0030560A6DFE9D3A94B39, 0B9CF1932D4534BD7B1F5D7B7BD5FBF9C8D156838D24ABBDE475E79EEF1150F1 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
18:11:43.0013 0x1670  btwrchid - ok
18:11:43.0697 0x1670  [ BE531939BB6D153DB63DBBFBD398A713, CB63FD4051198A89EDB3CF45199F99F5816A672FA9374E166ED7A5D17ED47468 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
18:11:44.0466 0x1670  c2cautoupdatesvc - ok
18:11:45.0639 0x1670  [ 33E9F08F675EF94633C8EF8A7C4EADF3, E1556CF27F7FB3B03EE63F3464F5EE92E7B09E67C5D8AA4A9346FEEBD716A152 ] c2cpnrsvc      C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
18:11:46.0395 0x1670  c2cpnrsvc - ok
18:11:46.0955 0x1670  catchme - ok
18:11:47.0081 0x1670  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
18:11:47.0393 0x1670  cdfs - ok
18:11:47.0701 0x1670  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
18:11:48.0046 0x1670  cdrom - ok
18:11:48.0302 0x1670  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\windows\System32\certprop.dll
18:11:48.0436 0x1670  CertPropSvc - ok
18:11:48.0627 0x1670  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
18:11:48.0688 0x1670  circlass - ok
18:11:48.0992 0x1670  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
18:11:49.0040 0x1670  CLFS - ok
18:11:49.0651 0x1670  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:11:49.0718 0x1670  clr_optimization_v2.0.50727_32 - ok
18:11:49.0966 0x1670  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:11:50.0007 0x1670  clr_optimization_v2.0.50727_64 - ok
18:11:50.0642 0x1670  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:11:50.0730 0x1670  clr_optimization_v4.0.30319_32 - ok
18:11:50.0840 0x1670  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:11:50.0880 0x1670  clr_optimization_v4.0.30319_64 - ok
18:11:51.0095 0x1670  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd          C:\windows\system32\DRIVERS\clwvd.sys
18:11:51.0131 0x1670  clwvd - ok
18:11:51.0261 0x1670  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
18:11:51.0311 0x1670  CmBatt - ok
18:11:51.0378 0x1670  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
18:11:51.0414 0x1670  cmdide - ok
18:11:51.0710 0x1670  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG            C:\windows\system32\Drivers\cng.sys
18:11:51.0831 0x1670  CNG - ok
18:11:52.0533 0x1670  [ 99B1B888B793DE320C5479B3C953781F, 6A499F916132998FBDFA587823A11C2ED1D27DED10374F6A41BA5861A2FF969E ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
18:11:53.0138 0x1670  CnxtHdAudService - ok
18:11:53.0274 0x1670  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
18:11:53.0289 0x1670  Compbatt - ok
18:11:53.0372 0x1670  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
18:11:53.0570 0x1670  CompositeBus - ok
18:11:53.0592 0x1670  COMSysApp - ok
18:11:53.0688 0x1670  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\windows\system32\drivers\crcdisk.sys
18:11:53.0891 0x1670  crcdisk - ok
18:11:54.0032 0x1670  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
18:11:54.0120 0x1670  CryptSvc - ok
18:11:54.0288 0x1670  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
18:11:54.0517 0x1670  DcomLaunch - ok
18:11:54.0592 0x1670  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\windows\System32\defragsvc.dll
18:11:54.0656 0x1670  defragsvc - ok
18:11:54.0707 0x1670  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
18:11:54.0758 0x1670  DfsC - ok
18:11:54.0998 0x1670  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
18:11:55.0335 0x1670  Dhcp - ok
18:11:55.0363 0x1670  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
18:11:55.0421 0x1670  discache - ok
18:11:55.0490 0x1670  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
18:11:55.0533 0x1670  Disk - ok
18:11:55.0693 0x1670  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
18:11:55.0886 0x1670  Dnscache - ok
18:11:56.0006 0x1670  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\windows\System32\dot3svc.dll
18:11:56.0238 0x1670  dot3svc - ok
18:11:56.0423 0x1670  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\windows\system32\dps.dll
18:11:56.0500 0x1670  DPS - ok
18:11:56.0672 0x1670  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
18:11:56.0778 0x1670  drmkaud - ok
18:11:56.0974 0x1670  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
18:11:57.0208 0x1670  DXGKrnl - ok
18:11:57.0354 0x1670  EagleX64 - ok
18:11:57.0533 0x1670  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\windows\System32\eapsvc.dll
18:11:57.0615 0x1670  EapHost - ok
18:11:58.0463 0x1670  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\windows\system32\drivers\evbda.sys
18:11:59.0014 0x1670  ebdrv - ok
18:11:59.0086 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS            C:\windows\System32\lsass.exe
18:11:59.0167 0x1670  EFS - ok
18:11:59.0723 0x1670  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
18:12:00.0530 0x1670  ehRecvr - ok
18:12:00.0737 0x1670  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\windows\ehome\ehsched.exe
18:12:00.0851 0x1670  ehSched - ok
18:12:00.0987 0x1670  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\windows\system32\drivers\elxstor.sys
18:12:01.0023 0x1670  elxstor - ok
18:12:01.0046 0x1670  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
18:12:01.0079 0x1670  ErrDev - ok
18:12:01.0478 0x1670  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\windows\system32\es.dll
18:12:01.0629 0x1670  EventSystem - ok
18:12:01.0820 0x1670  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\windows\system32\drivers\exfat.sys
18:12:02.0099 0x1670  exfat - ok
18:12:02.0182 0x1670  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\windows\system32\drivers\fastfat.sys
18:12:02.0272 0x1670  fastfat - ok
18:12:02.0650 0x1670  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\windows\system32\fxssvc.exe
18:12:03.0030 0x1670  Fax - ok
18:12:03.0120 0x1670  [ 3191ACA33088EE2481044FC0DB736442, 9311069BCA14FB7D5FDFFDB29566D045AB55A8657574C8BD864F8ED9527DEAF5 ] fbfmon          C:\windows\system32\drivers\fbfmon.sys
18:12:03.0234 0x1670  fbfmon - ok
18:12:03.0322 0x1670  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\windows\system32\drivers\fdc.sys
18:12:03.0370 0x1670  fdc - ok
18:12:03.0413 0x1670  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\windows\system32\fdPHost.dll
18:12:03.0528 0x1670  fdPHost - ok
18:12:03.0593 0x1670  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
18:12:03.0675 0x1670  FDResPub - ok
18:12:03.0754 0x1670  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
18:12:03.0773 0x1670  FileInfo - ok
18:12:03.0798 0x1670  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
18:12:03.0917 0x1670  Filetrace - ok
18:12:04.0093 0x1670  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
18:12:04.0117 0x1670  flpydisk - ok
18:12:04.0147 0x1670  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
18:12:04.0191 0x1670  FltMgr - ok
18:12:04.0364 0x1670  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache      C:\windows\system32\FntCache.dll
18:12:04.0847 0x1670  FontCache - ok
18:12:04.0967 0x1670  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:12:04.0985 0x1670  FontCache3.0.0.0 - ok
18:12:05.0127 0x1670  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
18:12:05.0165 0x1670  FsDepends - ok
18:12:05.0232 0x1670  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
18:12:05.0249 0x1670  Fs_Rec - ok
18:12:05.0414 0x1670  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
18:12:05.0481 0x1670  fvevol - ok
18:12:05.0591 0x1670  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
18:12:05.0621 0x1670  gagp30kx - ok
18:12:06.0011 0x1670  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\windows\System32\gpsvc.dll
18:12:06.0234 0x1670  gpsvc - ok
18:12:06.0743 0x1670  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:12:06.0755 0x1670  gupdate - ok
18:12:06.0866 0x1670  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:12:06.0880 0x1670  gupdatem - ok
18:12:06.0919 0x1670  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
18:12:07.0042 0x1670  hcw85cir - ok
18:12:07.0270 0x1670  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:12:07.0540 0x1670  HdAudAddService - ok
18:12:07.0605 0x1670  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
18:12:07.0650 0x1670  HDAudBus - ok
18:12:07.0666 0x1670  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\windows\system32\drivers\HidBatt.sys
18:12:07.0777 0x1670  HidBatt - ok
18:12:07.0942 0x1670  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
18:12:08.0051 0x1670  HidBth - ok
18:12:08.0150 0x1670  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\windows\system32\drivers\hidir.sys
18:12:08.0185 0x1670  HidIr - ok
18:12:08.0344 0x1670  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\windows\System32\hidserv.dll
18:12:08.0431 0x1670  hidserv - ok
18:12:08.0516 0x1670  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
18:12:08.0579 0x1670  HidUsb - ok
18:12:08.0660 0x1670  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
18:12:08.0765 0x1670  hkmsvc - ok
18:12:08.0853 0x1670  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:12:08.0963 0x1670  HomeGroupListener - ok
18:12:09.0104 0x1670  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:12:09.0155 0x1670  HomeGroupProvider - ok
18:12:09.0229 0x1670  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
18:12:09.0245 0x1670  HpSAMD - ok
18:12:09.0401 0x1670  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
18:12:09.0665 0x1670  HTTP - ok
18:12:09.0694 0x1670  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
18:12:09.0709 0x1670  hwpolicy - ok
18:12:09.0741 0x1670  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
18:12:09.0760 0x1670  i8042prt - ok
18:12:09.0976 0x1670  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
18:12:09.0999 0x1670  iaStor - ok
18:12:10.0446 0x1670  [ F5C0317AF600F8C0D7E4202EB04232B1, D83824ED829E3C4BCA6DB17A5DEF1450856ABE17B27AE6B791E40B8C3F2CCB44 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:12:10.0580 0x1670  IAStorDataMgrSvc - ok
18:12:10.0903 0x1670  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
18:12:11.0093 0x1670  iaStorV - ok
18:12:11.0530 0x1670  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc          C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:12:11.0595 0x1670  idsvc - ok
18:12:11.0655 0x1670  IEEtwCollectorService - ok
18:12:12.0376 0x1670  [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
18:12:13.0293 0x1670  igfx - ok
18:12:13.0436 0x1670  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\windows\system32\drivers\iirsp.sys
18:12:13.0469 0x1670  iirsp - ok
18:12:13.0656 0x1670  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
18:12:14.0218 0x1670  IKEEXT - ok
18:12:14.0359 0x1670  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
18:12:14.0535 0x1670  IntcDAud - ok
18:12:14.0594 0x1670  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
18:12:14.0637 0x1670  intelide - ok
18:12:16.0505 0x1670  [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] intelkmd        C:\windows\system32\DRIVERS\igdpmd64.sys
18:12:17.0321 0x1670  intelkmd - ok
18:12:17.0413 0x1670  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
18:12:17.0480 0x1670  intelppm - ok
18:12:17.0570 0x1670  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\windows\system32\ipbusenum.dll
18:12:17.0813 0x1670  IPBusEnum - ok
18:12:17.0897 0x1670  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
18:12:18.0019 0x1670  IpFilterDriver - ok
18:12:18.0261 0x1670  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] IpHlpSvc        C:\windows\System32\iphlpsvc.dll
18:12:18.0441 0x1670  IpHlpSvc - ok
18:12:18.0497 0x1670  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
18:12:18.0588 0x1670  IPMIDRV - ok
18:12:18.0840 0x1670  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\windows\system32\drivers\ipnat.sys
18:12:18.0948 0x1670  IPNAT - ok
18:12:19.0070 0x1670  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
18:12:19.0160 0x1670  IRENUM - ok
18:12:19.0256 0x1670  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
18:12:19.0303 0x1670  isapnp - ok
18:12:19.0442 0x1670  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
18:12:19.0662 0x1670  iScsiPrt - ok
18:12:19.0733 0x1670  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
18:12:19.0769 0x1670  kbdclass - ok
18:12:19.0901 0x1670  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
18:12:19.0968 0x1670  kbdhid - ok
18:12:20.0041 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\windows\system32\lsass.exe
18:12:20.0070 0x1670  KeyIso - ok
18:12:20.0404 0x1670  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1            C:\windows\system32\DRIVERS\kl1.sys
18:12:20.0763 0x1670  kl1 - ok
18:12:21.0404 0x1670  [ 788E5F92721849A17BD64883C49EB825, CEBCE3D9A84D31F597F8592F0E62C2E6ED8A492087F121B151E64903A86CAC52 ] KLIF            C:\windows\system32\DRIVERS\klif.sys
18:12:21.0745 0x1670  KLIF - ok
18:12:21.0870 0x1670  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6          C:\windows\system32\DRIVERS\klim6.sys
18:12:21.0891 0x1670  KLIM6 - ok
18:12:22.0177 0x1670  [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt        C:\windows\system32\DRIVERS\klkbdflt.sys
18:12:22.0211 0x1670  klkbdflt - ok
18:12:22.0390 0x1670  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\windows\system32\DRIVERS\klmouflt.sys
18:12:22.0413 0x1670  klmouflt - ok
18:12:22.0576 0x1670  [ 45ECF097BC6330C2054D7D43B7AD822B, 41684ED54E75FE6BEEA322E7CE888DFDD53EE1F45016E01CE10B84ABB02CBDA8 ] kltdi          C:\windows\system32\DRIVERS\kltdi.sys
18:12:22.0712 0x1670  kltdi - ok
18:12:22.0899 0x1670  [ 1FCB657B581CC4DF17FD6571F93602DE, D5D95773D19AA47BA619D149FD6068198E2AA05C219C3936E327B3DFFDE6B10C ] kneps          C:\windows\system32\DRIVERS\kneps.sys
18:12:22.0943 0x1670  kneps - ok
18:12:23.0037 0x1670  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
18:12:23.0076 0x1670  KSecDD - ok
18:12:23.0270 0x1670  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
18:12:23.0300 0x1670  KSecPkg - ok
18:12:23.0350 0x1670  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\windows\system32\drivers\ksthunk.sys
18:12:23.0540 0x1670  ksthunk - ok
18:12:23.0761 0x1670  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\windows\system32\msdtckrm.dll
18:12:24.0053 0x1670  KtmRm - ok
18:12:24.0183 0x1670  [ 95CA93FC12BE372BB952669F37FFF9C5, 5B4EE910E676ABD0E12B6AD72DBB564DBEB05D63C43AFFC24CE155D0DF8A3820 ] L1C            C:\windows\system32\DRIVERS\L1C62x64.sys
18:12:24.0230 0x1670  L1C - ok
18:12:24.0491 0x1670  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
18:12:24.0786 0x1670  LanmanServer - ok
18:12:25.0003 0x1670  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:12:25.0092 0x1670  LanmanWorkstation - ok
18:12:25.0245 0x1670  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
18:12:25.0297 0x1670  LHDmgr - ok
18:12:25.0388 0x1670  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
18:12:25.0469 0x1670  lltdio - ok
18:12:25.0661 0x1670  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\windows\System32\lltdsvc.dll
18:12:25.0864 0x1670  lltdsvc - ok
18:12:26.0022 0x1670  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\windows\System32\lmhsvc.dll
18:12:26.0074 0x1670  lmhosts - ok
18:12:26.0331 0x1670  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:12:26.0386 0x1670  LMS - ok
18:12:26.0462 0x1670  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
18:12:26.0518 0x1670  LSI_FC - ok
18:12:26.0659 0x1670  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\windows\system32\drivers\lsi_sas.sys
18:12:26.0692 0x1670  LSI_SAS - ok
18:12:26.0843 0x1670  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
18:12:26.0880 0x1670  LSI_SAS2 - ok
18:12:26.0956 0x1670  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
18:12:27.0002 0x1670  LSI_SCSI - ok
18:12:27.0045 0x1670  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\windows\system32\drivers\luafv.sys
18:12:27.0248 0x1670  luafv - ok
18:12:27.0411 0x1670  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector  C:\windows\system32\drivers\mbam.sys
18:12:27.0445 0x1670  MBAMProtector - ok
18:12:27.0899 0x1670  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:12:28.0196 0x1670  MBAMScheduler - ok
18:12:28.0411 0x1670  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:12:28.0650 0x1670  MBAMService - ok
18:12:28.0917 0x1670  [ 3CD0D8FC5FE6F7AE85AC8B818F9029B4, 532A384881A27A687BE856F3CE76ABA939AB2D5DD48D9A07CF5326216859EF8E ] mcdevice        C:\windows\system32\DRIVERS\mcdevice.sys
18:12:28.0989 0x1670  mcdevice - ok
18:12:29.0123 0x1670  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
18:12:29.0236 0x1670  Mcx2Svc - ok
18:12:29.0335 0x1670  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\windows\system32\drivers\megasas.sys
18:12:29.0488 0x1670  megasas - ok
18:12:29.0647 0x1670  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
18:12:30.0016 0x1670  MegaSR - ok
18:12:30.0364 0x1670  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
18:12:30.0395 0x1670  MEIx64 - ok
18:12:31.0168 0x1670  MFE_RR - ok
18:12:31.0297 0x1670  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\windows\system32\mmcss.dll
18:12:31.0455 0x1670  MMCSS - ok
18:12:31.0578 0x1670  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\windows\system32\drivers\modem.sys
18:12:31.0687 0x1670  Modem - ok
18:12:31.0783 0x1670  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\windows\system32\DRIVERS\monitor.sys
18:12:31.0998 0x1670  monitor - ok
18:12:32.0135 0x1670  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
18:12:32.0168 0x1670  mouclass - ok
18:12:32.0301 0x1670  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
18:12:32.0548 0x1670  mouhid - ok
18:12:32.0652 0x1670  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
18:12:32.0694 0x1670  mountmgr - ok
18:12:33.0168 0x1670  [ A7A117CB1104D0829466F48E17BE0A71, 040F18FC1AF72BE2B7123170C2F5F131A9518B8AA57C20F23203625D213C792B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:12:33.0427 0x1670  MozillaMaintenance - ok
18:12:33.0464 0x1670  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
18:12:33.0484 0x1670  mpio - ok
18:12:33.0504 0x1670  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
18:12:33.0540 0x1670  mpsdrv - ok
18:12:34.0102 0x1670  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
18:12:34.0368 0x1670  MpsSvc - ok
18:12:34.0543 0x1670  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
18:12:34.0794 0x1670  MRxDAV - ok
18:12:35.0038 0x1670  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
18:12:35.0375 0x1670  mrxsmb - ok
18:12:35.0694 0x1670  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
18:12:35.0783 0x1670  mrxsmb10 - ok
18:12:35.0806 0x1670  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
18:12:35.0825 0x1670  mrxsmb20 - ok
18:12:35.0942 0x1670  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
18:12:35.0985 0x1670  msahci - ok
18:12:36.0195 0x1670  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\windows\system32\drivers\msdsm.sys
18:12:36.0239 0x1670  msdsm - ok
18:12:36.0273 0x1670  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\windows\System32\msdtc.exe
18:12:36.0304 0x1670  MSDTC - ok
18:12:36.0331 0x1670  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
18:12:36.0369 0x1670  Msfs - ok
18:12:36.0458 0x1670  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
18:12:36.0585 0x1670  mshidkmdf - ok
18:12:36.0607 0x1670  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
18:12:36.0620 0x1670  msisadrv - ok
18:12:36.0850 0x1670  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
18:12:37.0076 0x1670  MSiSCSI - ok
18:12:37.0080 0x1670  msiserver - ok
18:12:37.0206 0x1670  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
18:12:37.0290 0x1670  MSKSSRV - ok
18:12:37.0387 0x1670  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
18:12:37.0420 0x1670  MSPCLOCK - ok
18:12:37.0670 0x1670  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
18:12:37.0744 0x1670  MSPQM - ok
18:12:37.0907 0x1670  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
18:12:38.0314 0x1670  MsRPC - ok
18:12:38.0350 0x1670  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
18:12:38.0360 0x1670  mssmbios - ok
18:12:38.0370 0x1670  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
18:12:38.0419 0x1670  MSTEE - ok
18:12:38.0454 0x1670  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
18:12:38.0484 0x1670  MTConfig - ok
18:12:38.0500 0x1670  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\windows\system32\Drivers\mup.sys
18:12:38.0516 0x1670  Mup - ok
18:12:38.0798 0x1670  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
18:12:39.0037 0x1670  napagent - ok
18:12:39.0295 0x1670  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
18:12:39.0651 0x1670  NativeWifiP - ok
18:12:40.0529 0x1670  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:12:40.0939 0x1670  NAUpdate - ok
18:12:41.0449 0x1670  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
18:12:41.0483 0x1670  NDIS - ok
18:12:41.0514 0x1670  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
18:12:41.0581 0x1670  NdisCap - ok
18:12:41.0801 0x1670  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
18:12:41.0905 0x1670  NdisTapi - ok
18:12:42.0035 0x1670  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
18:12:42.0190 0x1670  Ndisuio - ok
18:12:42.0256 0x1670  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
18:12:42.0315 0x1670  NdisWan - ok
18:12:42.0454 0x1670  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
18:12:42.0569 0x1670  NDProxy - ok
18:12:42.0691 0x1670  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
18:12:42.0859 0x1670  NetBIOS - ok
18:12:43.0020 0x1670  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
18:12:43.0322 0x1670  NetBT - ok
18:12:43.0494 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
18:12:43.0509 0x1670  Netlogon - ok
18:12:43.0674 0x1670  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
18:12:43.0745 0x1670  Netman - ok
18:12:44.0017 0x1670  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:12:44.0057 0x1670  NetMsmqActivator - ok
18:12:44.0351 0x1670  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:12:44.0385 0x1670  NetPipeActivator - ok
18:12:44.0713 0x1670  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
18:12:44.0876 0x1670  netprofm - ok
18:12:45.0161 0x1670  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:12:45.0179 0x1670  NetTcpActivator - ok
18:12:45.0188 0x1670  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:12:45.0201 0x1670  NetTcpPortSharing - ok
18:12:45.0286 0x1670  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\windows\system32\drivers\nfrd960.sys
18:12:45.0411 0x1670  nfrd960 - ok
18:12:45.0614 0x1670  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
18:12:45.0668 0x1670  NlaSvc - ok
18:12:45.0736 0x1670  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
18:12:45.0795 0x1670  Npfs - ok
18:12:45.0897 0x1670  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\windows\system32\nsisvc.dll
18:12:46.0020 0x1670  nsi - ok
18:12:46.0113 0x1670  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
18:12:46.0244 0x1670  nsiproxy - ok
18:12:46.0717 0x1670  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
18:12:47.0397 0x1670  Ntfs - ok
18:12:47.0426 0x1670  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
18:12:47.0489 0x1670  Null - ok
18:12:47.0528 0x1670  [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
18:12:47.0588 0x1670  nusb3hub - ok
18:12:47.0670 0x1670  [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
18:12:47.0849 0x1670  nusb3xhc - ok
18:12:47.0978 0x1670  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
18:12:48.0162 0x1670  nvraid - ok
18:12:48.0241 0x1670  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
18:12:48.0262 0x1670  nvstor - ok
18:12:48.0285 0x1670  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
18:12:48.0305 0x1670  nv_agp - ok
18:12:48.0328 0x1670  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
18:12:48.0346 0x1670  ohci1394 - ok
18:12:48.0454 0x1670  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
18:12:48.0545 0x1670  p2pimsvc - ok
18:12:48.0630 0x1670  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
18:12:48.0859 0x1670  p2psvc - ok
18:12:48.0897 0x1670  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\windows\system32\drivers\parport.sys
18:12:48.0943 0x1670  Parport - ok
18:12:49.0006 0x1670  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\windows\system32\drivers\partmgr.sys
18:12:49.0049 0x1670  partmgr - ok
18:12:49.0178 0x1670  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
18:12:49.0403 0x1670  PcaSvc - ok
18:12:49.0602 0x1670  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\windows\system32\drivers\pci.sys
18:12:49.0666 0x1670  pci - ok
18:12:49.0735 0x1670  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
18:12:49.0769 0x1670  pciide - ok
18:12:49.0874 0x1670  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
18:12:49.0918 0x1670  pcmcia - ok
18:12:49.0934 0x1670  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\windows\system32\drivers\pcw.sys
18:12:49.0952 0x1670  pcw - ok
18:12:50.0211 0x1670  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
18:12:50.0283 0x1670  PEAUTH - ok
18:12:50.0589 0x1670  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
18:12:50.0659 0x1670  PerfHost - ok
18:12:50.0812 0x1670  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\windows\system32\pla.dll
18:12:50.0933 0x1670  pla - ok
18:12:51.0179 0x1670  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
18:12:51.0606 0x1670  PlugPlay - ok
18:12:51.0624 0x1670  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
18:12:51.0660 0x1670  PNRPAutoReg - ok
18:12:51.0691 0x1670  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
18:12:51.0708 0x1670  PNRPsvc - ok
18:12:51.0845 0x1670  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
18:12:51.0991 0x1670  PolicyAgent - ok
18:12:52.0117 0x1670  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\windows\system32\umpo.dll
18:12:52.0171 0x1670  Power - ok
18:12:52.0216 0x1670  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
18:12:52.0279 0x1670  PptpMiniport - ok
18:12:52.0333 0x1670  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\windows\system32\drivers\processr.sys
18:12:52.0369 0x1670  Processor - ok
18:12:52.0475 0x1670  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc        C:\windows\system32\profsvc.dll
18:12:52.0736 0x1670  ProfSvc - ok
18:12:52.0809 0x1670  Prot6Flt - ok
18:12:52.0861 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
18:12:52.0891 0x1670  ProtectedStorage - ok
18:12:53.0081 0x1670  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
18:12:53.0167 0x1670  Psched - ok
18:12:53.0325 0x1670  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI            C:\windows\system32\DRIVERS\psi_mf_amd64.sys
18:12:53.0344 0x1670  PSI - ok
18:12:53.0717 0x1670  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
18:12:54.0031 0x1670  ql2300 - ok
18:12:54.0175 0x1670  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
18:12:54.0213 0x1670  ql40xx - ok
18:12:54.0255 0x1670  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\windows\system32\qwave.dll
18:12:54.0287 0x1670  QWAVE - ok
18:12:54.0358 0x1670  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
18:12:54.0467 0x1670  QWAVEdrv - ok
18:12:54.0504 0x1670  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
18:12:54.0560 0x1670  RasAcd - ok
18:12:54.0703 0x1670  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
18:12:54.0862 0x1670  RasAgileVpn - ok
18:12:54.0946 0x1670  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\windows\System32\rasauto.dll
18:12:55.0008 0x1670  RasAuto - ok
18:12:55.0097 0x1670  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
18:12:55.0156 0x1670  Rasl2tp - ok
18:12:55.0253 0x1670  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
18:12:55.0329 0x1670  RasMan - ok
18:12:55.0437 0x1670  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
18:12:55.0507 0x1670  RasPppoe - ok
18:12:55.0598 0x1670  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
18:12:55.0691 0x1670  RasSstp - ok
18:12:55.0762 0x1670  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
18:12:55.0833 0x1670  rdbss - ok
18:12:55.0903 0x1670  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
18:12:55.0968 0x1670  rdpbus - ok
18:12:56.0113 0x1670  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
18:12:56.0193 0x1670  RDPCDD - ok
18:12:56.0318 0x1670  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
18:12:56.0427 0x1670  RDPENCDD - ok
18:12:56.0542 0x1670  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
18:12:56.0606 0x1670  RDPREFMP - ok
18:12:56.0740 0x1670  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
18:12:56.0899 0x1670  RDPWD - ok
18:12:56.0929 0x1670  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
18:12:56.0951 0x1670  rdyboost - ok
18:12:57.0211 0x1670  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
18:12:57.0282 0x1670  RemoteAccess - ok
18:12:57.0445 0x1670  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
18:12:57.0563 0x1670  RemoteRegistry - ok
18:12:57.0729 0x1670  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
18:12:58.0134 0x1670  RFCOMM - ok
18:12:58.0219 0x1670  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
18:12:58.0288 0x1670  RpcEptMapper - ok
18:12:58.0339 0x1670  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
18:12:58.0391 0x1670  RpcLocator - ok
18:12:58.0516 0x1670  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\windows\system32\rpcss.dll
18:12:58.0571 0x1670  RpcSs - ok
18:12:58.0657 0x1670  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
18:12:58.0733 0x1670  rspndr - ok
18:12:58.0854 0x1670  [ 89DFB71B370D82DFE75183F677043CEE, 448798010AB86040D7A4A8956D7139951A9BD3517942DE2C4B82041B0408D78A ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys
18:12:58.0897 0x1670  RSUSBVSTOR - ok
18:12:59.0071 0x1670  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167        C:\windows\system32\DRIVERS\Rt64win7.sys
18:12:59.0112 0x1670  RTL8167 - ok
18:12:59.0137 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs          C:\windows\system32\lsass.exe
18:12:59.0147 0x1670  SamSs - ok
18:12:59.0164 0x1670  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
18:12:59.0181 0x1670  sbp2port - ok
18:12:59.0374 0x1670  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
18:12:59.0570 0x1670  SCardSvr - ok
18:12:59.0619 0x1670  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
18:12:59.0673 0x1670  scfilter - ok
18:13:00.0007 0x1670  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
18:13:00.0341 0x1670  Schedule - ok
18:13:00.0464 0x1670  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\windows\System32\certprop.dll
18:13:00.0527 0x1670  SCPolicySvc - ok
18:13:00.0557 0x1670  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
18:13:00.0619 0x1670  SDRSVC - ok
18:13:00.0719 0x1670  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
18:13:00.0773 0x1670  secdrv - ok
18:13:00.0850 0x1670  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
18:13:00.0928 0x1670  seclogon - ok
18:13:01.0625 0x1670  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
18:13:02.0482 0x1670  Secunia PSI Agent - ok
18:13:02.0717 0x1670  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
18:13:03.0065 0x1670  Secunia Update Agent - ok
18:13:03.0101 0x1670  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
18:13:03.0153 0x1670  SENS - ok
18:13:03.0341 0x1670  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
18:13:03.0411 0x1670  SensrSvc - ok
18:13:03.0464 0x1670  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\windows\system32\drivers\serenum.sys
18:13:03.0523 0x1670  Serenum - ok
18:13:03.0608 0x1670  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
18:13:03.0678 0x1670  Serial - ok
18:13:03.0708 0x1670  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
18:13:03.0727 0x1670  sermouse - ok
18:13:03.0827 0x1670  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
18:13:03.0918 0x1670  SessionEnv - ok
18:13:04.0098 0x1670  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
18:13:04.0188 0x1670  sffdisk - ok
18:13:04.0208 0x1670  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
18:13:04.0225 0x1670  sffp_mmc - ok
18:13:04.0260 0x1670  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
18:13:04.0296 0x1670  sffp_sd - ok
18:13:04.0349 0x1670  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\windows\system32\drivers\sfloppy.sys
18:13:04.0382 0x1670  sfloppy - ok
18:13:04.0435 0x1670  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
18:13:04.0551 0x1670  SharedAccess - ok
18:13:04.0747 0x1670  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:13:05.0000 0x1670  ShellHWDetection - ok
18:13:05.0097 0x1670  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
18:13:05.0131 0x1670  SiSRaid2 - ok
18:13:05.0176 0x1670  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
18:13:05.0205 0x1670  SiSRaid4 - ok
18:13:05.0498 0x1670  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
18:13:05.0925 0x1670  SkypeUpdate - ok
18:13:06.0109 0x1670  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\windows\system32\DRIVERS\smb.sys
18:13:06.0235 0x1670  Smb - ok
18:13:06.0386 0x1670  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
18:13:06.0485 0x1670  SNMPTRAP - ok
18:13:06.0563 0x1670  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\windows\system32\drivers\spldr.sys
18:13:06.0598 0x1670  spldr - ok
18:13:06.0791 0x1670  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\windows\System32\spoolsv.exe
18:13:06.0876 0x1670  Spooler - ok
18:13:07.0367 0x1670  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
18:13:07.0938 0x1670  sppsvc - ok
18:13:08.0032 0x1670  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\windows\system32\sppuinotify.dll
18:13:08.0076 0x1670  sppuinotify - ok
18:13:08.0225 0x1670  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] SPUVCbv        C:\windows\system32\Drivers\usbvideo.sys
18:13:08.0352 0x1670  SPUVCbv - ok
18:13:08.0583 0x1670  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\windows\system32\DRIVERS\srv.sys
18:13:09.0041 0x1670  srv - ok
18:13:09.0297 0x1670  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
18:13:09.0683 0x1670  srv2 - ok
18:13:09.0813 0x1670  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
18:13:09.0986 0x1670  srvnet - ok
18:13:10.0084 0x1670  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
18:13:10.0143 0x1670  SSDPSRV - ok
18:13:10.0189 0x1670  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\windows\system32\sstpsvc.dll
18:13:10.0225 0x1670  SstpSvc - ok
18:13:10.0879 0x1670  [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:13:11.0414 0x1670  Steam Client Service - ok
18:13:11.0562 0x1670  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
18:13:11.0577 0x1670  stexstor - ok
18:13:11.0937 0x1670  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
18:13:12.0248 0x1670  stisvc - ok
18:13:12.0311 0x1670  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
18:13:12.0350 0x1670  swenum - ok
18:13:12.0699 0x1670  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\windows\System32\swprv.dll
18:13:12.0805 0x1670  swprv - ok
18:13:13.0140 0x1670  [ 9643991B5CFD7A9BA68626B7A005F7E6, C256A7AC1B2FD98F85D3BB920374C70F65D4A6E3EE420F5AD8E114001BD10822 ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
18:13:13.0594 0x1670  SynTP - ok
18:13:13.0668 0x1670  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\windows\system32\sysmain.dll
18:13:13.0896 0x1670  SysMain - ok
18:13:13.0959 0x1670  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
18:13:13.0994 0x1670  TabletInputService - ok
18:13:14.0717 0x1670  [ C0255D8E3ABE790694927624603F8F10, C0038659D8F09F728050F800D319DAC245393D01FEEF1D91E4BDA0F55F29E00F ] TabletServiceWacom C:\windows\system32\Wacom_Tablet.exe
18:13:15.0849 0x1670  TabletServiceWacom - ok
18:13:15.0970 0x1670  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\windows\System32\tapisrv.dll
18:13:16.0151 0x1670  TapiSrv - ok
18:13:16.0210 0x1670  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\windows\System32\tbssvc.dll
18:13:16.0242 0x1670  TBS - ok
18:13:16.0721 0x1670  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip          C:\windows\system32\drivers\tcpip.sys
18:13:16.0944 0x1670  Tcpip - ok
18:13:17.0371 0x1670  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
18:13:17.0419 0x1670  TCPIP6 - ok
18:13:17.0518 0x1670  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
18:13:17.0543 0x1670  tcpipreg - ok
18:13:17.0569 0x1670  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
18:13:17.0693 0x1670  TDPIPE - ok
18:13:17.0727 0x1670  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
18:13:17.0743 0x1670  TDTCP - ok
18:13:17.0916 0x1670  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
18:13:17.0975 0x1670  tdx - ok
18:13:18.0165 0x1670  [ 402794A75A899E296AB3EDEC4ECCB9A8, BB25534D51C3B599072AE06578E788B54B0164DD94358958865927B98F63E016 ] TeamViewer8    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
18:13:20.0226 0x1670  TeamViewer8 - ok
18:13:20.0261 0x1670  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
18:13:20.0280 0x1670  TermDD - ok
18:13:20.0442 0x1670  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService    C:\windows\System32\termsrv.dll
18:13:20.0789 0x1670  TermService - ok
18:13:20.0828 0x1670  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
18:13:20.0848 0x1670  Themes - ok
18:13:20.0960 0x1670  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\windows\system32\mmcss.dll
18:13:21.0025 0x1670  THREADORDER - ok
18:13:21.0108 0x1670  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
18:13:21.0180 0x1670  TrkWks - ok
18:13:21.0329 0x1670  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:13:21.0567 0x1670  TrustedInstaller - ok
18:13:21.0643 0x1670  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
18:13:21.0766 0x1670  tssecsrv - ok
18:13:21.0897 0x1670  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
18:13:21.0963 0x1670  TsUsbFlt - ok
18:13:21.0998 0x1670  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD        C:\windows\system32\drivers\TsUsbGD.sys
18:13:22.0052 0x1670  TsUsbGD - ok
18:13:22.0245 0x1670  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
18:13:22.0435 0x1670  tunnel - ok
18:13:22.0484 0x1670  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
18:13:22.0519 0x1670  uagp35 - ok
18:13:22.0594 0x1670  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
18:13:22.0645 0x1670  udfs - ok
18:13:22.0718 0x1670  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\windows\system32\UI0Detect.exe
18:13:22.0756 0x1670  UI0Detect - ok
18:13:22.0785 0x1670  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
18:13:22.0802 0x1670  uliagpkx - ok
18:13:22.0895 0x1670  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\windows\system32\DRIVERS\umbus.sys
18:13:22.0931 0x1670  umbus - ok
18:13:22.0986 0x1670  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
18:13:23.0020 0x1670  UmPass - ok
18:13:23.0681 0x1670  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:13:24.0723 0x1670  UNS - ok
18:13:24.0866 0x1670  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
18:13:24.0934 0x1670  upnphost - ok
18:13:25.0085 0x1670  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
18:13:25.0197 0x1670  usbaudio - ok
18:13:25.0258 0x1670  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
18:13:25.0308 0x1670  usbccgp - ok
18:13:25.0532 0x1670  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
18:13:25.0696 0x1670  usbcir - ok
18:13:25.0751 0x1670  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\windows\system32\drivers\usbehci.sys
18:13:25.0809 0x1670  usbehci - ok
18:13:26.0126 0x1670  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
18:13:26.0235 0x1670  usbhub - ok
18:13:26.0292 0x1670  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci        C:\windows\system32\drivers\usbohci.sys
18:13:26.0307 0x1670  usbohci - ok
18:13:26.0391 0x1670  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
18:13:26.0457 0x1670  usbprint - ok
18:13:26.0579 0x1670  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
18:13:26.0757 0x1670  USBSTOR - ok
18:13:26.0921 0x1670  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
18:13:26.0953 0x1670  usbuhci - ok
18:13:26.0983 0x1670  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
18:13:26.0997 0x1670  usbvideo - ok
18:13:27.0034 0x1670  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\windows\System32\uxsms.dll
18:13:27.0180 0x1670  UxSms - ok
18:13:27.0213 0x1670  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
18:13:27.0240 0x1670  VaultSvc - ok
18:13:27.0330 0x1670  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
18:13:27.0363 0x1670  vdrvroot - ok
18:13:27.0618 0x1670  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\windows\System32\vds.exe
18:13:28.0146 0x1670  vds - ok
18:13:28.0205 0x1670  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
18:13:28.0229 0x1670  vga - ok
18:13:28.0273 0x1670  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\windows\System32\drivers\vga.sys
18:13:28.0340 0x1670  VgaSave - ok
18:13:28.0422 0x1670  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
18:13:28.0452 0x1670  vhdmp - ok
18:13:28.0515 0x1670  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
18:13:28.0554 0x1670  viaide - ok
18:13:28.0620 0x1670  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
18:13:28.0660 0x1670  volmgr - ok
18:13:28.0781 0x1670  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
18:13:28.0825 0x1670  volmgrx - ok
18:13:28.0914 0x1670  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\windows\system32\drivers\volsnap.sys
18:13:28.0955 0x1670  volsnap - ok
18:13:29.0060 0x1670  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\windows\system32\drivers\vsmraid.sys
18:13:29.0091 0x1670  vsmraid - ok
18:13:29.0528 0x1670  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\windows\system32\vssvc.exe
18:13:29.0645 0x1670  VSS - ok
18:13:29.0687 0x1670  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:13:29.0749 0x1670  vwifibus - ok
18:13:29.0821 0x1670  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:13:29.0905 0x1670  vwififlt - ok
18:13:30.0098 0x1670  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp        C:\windows\system32\DRIVERS\vwifimp.sys
18:13:30.0176 0x1670  vwifimp - ok
18:13:30.0331 0x1670  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\windows\system32\w32time.dll
18:13:30.0469 0x1670  W32Time - ok
18:13:30.0580 0x1670  [ 37E4600E2CDAD3C1A3613A25B97D457C, 8AA9F5FE5530FB144E7DCACAB4D1A815B14AF425EF8955F0B5BA2B528B1C00A7 ] wacmoumonitor  C:\windows\system32\DRIVERS\wacmoumonitor.sys
18:13:30.0778 0x1670  wacmoumonitor - ok
18:13:30.0905 0x1670  [ E04D43C7D1641E95D35CAE6086C7E350, BF08ED680EC835D70C522B91560B8987F206793E8E2987117C1D7B77DEFF8556 ] wacommousefilter C:\windows\system32\DRIVERS\wacommousefilter.sys
18:13:30.0933 0x1670  wacommousefilter - ok
18:13:30.0980 0x1670  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
18:13:31.0133 0x1670  WacomPen - ok
18:13:31.0239 0x1670  [ EC1CEB237E365330C1FCFC4876AA0AC0, 9BFF9062AC5E4B9D0C6502D8DE7E59B887903ED29F26157A5F82966932F1EBD0 ] wacomvhid      C:\windows\system32\DRIVERS\wacomvhid.sys
18:13:31.0276 0x1670  wacomvhid - ok
18:13:31.0425 0x1670  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:13:31.0702 0x1670  WANARP - ok
18:13:31.0766 0x1670  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:13:31.0794 0x1670  Wanarpv6 - ok
18:13:32.0357 0x1670  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc    C:\windows\system32\Wat\WatAdminSvc.exe
18:13:32.0746 0x1670  WatAdminSvc - ok
18:13:33.0162 0x1670  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
18:13:33.0413 0x1670  wbengine - ok
18:13:33.0566 0x1670  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:13:33.0819 0x1670  WbioSrvc - ok
18:13:33.0991 0x1670  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\windows\System32\wcncsvc.dll
18:13:34.0215 0x1670  wcncsvc - ok
18:13:34.0295 0x1670  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:13:34.0385 0x1670  WcsPlugInService - ok
18:13:34.0521 0x1670  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
18:13:34.0538 0x1670  Wd - ok
18:13:35.0008 0x1670  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:13:35.0540 0x1670  Wdf01000 - ok
18:13:35.0795 0x1670  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:13:36.0491 0x1670  WdiServiceHost - ok
18:13:36.0637 0x1670  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost  C:\windows\system32\wdi.dll
18:13:36.0663 0x1670  WdiSystemHost - ok
18:13:36.0708 0x1670  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\windows\System32\webclnt.dll
18:13:36.0734 0x1670  WebClient - ok
18:13:36.0889 0x1670  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:13:37.0123 0x1670  Wecsvc - ok
18:13:37.0305 0x1670  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\windows\System32\wercplsupport.dll
18:13:37.0359 0x1670  wercplsupport - ok
18:13:37.0526 0x1670  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
18:13:37.0582 0x1670  WerSvc - ok
18:13:37.0690 0x1670  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:13:37.0757 0x1670  WfpLwf - ok
18:13:37.0920 0x1670  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:13:38.0098 0x1670  WIMMount - ok
18:13:38.0197 0x1670  WinDefend - ok
18:13:38.0258 0x1670  WinHttpAutoProxySvc - ok
18:13:38.0645 0x1670  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
18:13:39.0081 0x1670  Winmgmt - ok
18:13:39.0211 0x1670  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM          C:\windows\system32\WsmSvc.dll
18:13:39.0608 0x1670  WinRM - ok
18:13:39.0822 0x1670  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
18:13:40.0015 0x1670  WinUsb - ok
18:13:40.0453 0x1670  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\windows\System32\wlansvc.dll
18:13:40.0578 0x1670  Wlansvc - ok
18:13:40.0927 0x1670  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:13:41.0117 0x1670  wlcrasvc - ok
18:13:41.0675 0x1670  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:13:42.0082 0x1670  wlidsvc - ok
18:13:42.0109 0x1670  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
18:13:42.0177 0x1670  WmiAcpi - ok
18:13:42.0304 0x1670  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:13:42.0451 0x1670  wmiApSrv - ok
18:13:42.0663 0x1670  WMPNetworkSvc - ok
18:13:42.0707 0x1670  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:13:42.0840 0x1670  WPCSvc - ok
18:13:42.0868 0x1670  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:13:43.0162 0x1670  WPDBusEnum - ok
18:13:43.0284 0x1670  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
18:13:43.0406 0x1670  ws2ifsl - ok
18:13:43.0558 0x1670  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
18:13:43.0591 0x1670  wscsvc - ok
18:13:43.0594 0x1670  WSearch - ok
18:13:43.0672 0x1670  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
18:13:43.0690 0x1670  wsvd - ok
18:13:43.0791 0x1670  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
18:13:44.0005 0x1670  wuauserv - ok
18:13:44.0090 0x1670  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:13:44.0211 0x1670  WudfPf - ok
18:13:44.0457 0x1670  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:13:44.0496 0x1670  WUDFRd - ok
18:13:44.0600 0x1670  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
18:13:44.0899 0x1670  wudfsvc - ok
18:13:44.0973 0x1670  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\windows\System32\wwansvc.dll
18:13:45.0287 0x1670  WwanSvc - ok
18:13:45.0467 0x1670  ================ Scan global ===============================
18:13:45.0553 0x1670  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
18:13:45.0793 0x1670  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
18:13:45.0820 0x1670  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
18:13:45.0869 0x1670  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
18:13:45.0985 0x1670  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
18:13:45.0998 0x1670  [ Global ] - ok
18:13:45.0998 0x1670  ================ Scan MBR ==================================
18:13:46.0025 0x1670  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:13:47.0496 0x1670  \Device\Harddisk0\DR0 - ok
18:13:47.0496 0x1670  ================ Scan VBR ==================================
18:13:47.0533 0x1670  [ 5FF891F21043D9F1DE4981DB8E612558 ] \Device\Harddisk0\DR0\Partition1
18:13:47.0538 0x1670  \Device\Harddisk0\DR0\Partition1 - ok
18:13:47.0552 0x1670  [ 5D29531A18ED9FCAB01149C6CC515A27 ] \Device\Harddisk0\DR0\Partition2
18:13:47.0555 0x1670  \Device\Harddisk0\DR0\Partition2 - ok
18:13:47.0582 0x1670  [ B0C91858D5F1D02C0F38765E2F3294F1 ] \Device\Harddisk0\DR0\Partition3
18:13:47.0585 0x1670  \Device\Harddisk0\DR0\Partition3 - ok
18:13:48.0293 0x1670  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x41000 ( enabled : updated )
18:13:48.0360 0x1670  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x41010 ( enabled )
18:13:51.0090 0x1670  ============================================================
18:13:51.0090 0x1670  Scan finished
18:13:51.0090 0x1670  ============================================================
18:13:51.0110 0x1bc8  Detected object count: 0
18:13:51.0110 0x1bc8  Actual detected object count: 0
18:13:57.0951 0x1fac  Deinitialize success
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Rena :: RENA-PC [administrator]

17.03.2014 18:19:26
mbar-log-2014-03-17 (18-19-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 250582
Time elapsed: 20 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber 19.03.2014 12:43
Installiere Kaspersky mal komplett neu.

Rena-Dango 22.03.2014 14:14
Ist das wirklich noetig? Was mach ich wenn dann der Lizenscode nicht mehr funktioniert?

schrauber 23.03.2014 10:56
Kaspersky Support anschreiben, dafür werden die ja bezahlt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55