An 22 Stellen pup.loadtubes bei Scan mit MBAM gefunden

Mirkusmach · 05.02.2013, 22:32

Hallo liebe "Trojaner-Jagd" Gemeinde,

ich habe erst kürzlich routinemäßig das Programm Malewarebytes Anti-Maleware über meinen Rechner laufen lassen und musste leider mit Bedauern feststellen, dass der Scan 22 infizierte Dateien gefunden hat! Es wurden mir hierbei PUP.LoadTubes angezeigt.
Wie und wo ich mir die eingefangen haben soll ist mir gänzlich unbekannt. Bis jetzt ist mir jedoch noch kein "merkwürdiges" Verhalten am PC aufgefallen, bin mir aber trotzdem keineswegs über die Tragweite dieser Trojanermeldungen (insbesondere im Bezug auf Online-Banking Geschichten bzw. vertrauliche Daten o.ä. ...) nicht ganz sicher. Aufgrund dessen bin ich nach einer Suche über Google auf euer Forum gestoßen und mittlerweile ein wenig über die verschiedenen Vorgehensweisen in den Beiträgen ( z.B. "PUP.LoadTubes an 22 Stellen im PC gefunden") verunsichert, die ich zu diesen Thema gelesen habe. Des Weiteren muss ich gestehen, dass ich auf diesem Gebiet eher ein Greenhorn bin und hoffe euch das Problem trotzdem ausreichend genug geschildert zu haben damit ihr mir bitte Schritt für Schritt weiterhelfen könnt.

Die Log-Datei des entsprechenden Scans mit MBAM habe ich als Anhang unten eingefügt.

Für eure Hilfe und den damit verbunden hohen Aufwand wäre ich euch sehr dankbar! Daher schon mal vorab ein Merci von mir...

cosinus · 06.02.2013, 11:48

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Mirkusmach · 06.02.2013, 15:42

Vielen Dank für den raschen Support!

Wie angeweisen habe ich den adwcleaner und OTL laufen lassen. Den adwcleaner musste ich zwei mal starten lassen, da ich beim ersten mal vergessen hatte vorher den defogger zu starten und auf "disable" zu stellen. Deshalb poste ich nur den 2. Durchlauf. Bei OTL habe ich nur "Scanne alle Benutzer" durchführt ohne "inklusive 64-Bit Scans". Ich hoffe das war richtig...

Adwcleaner-LOG

Code:

ATTFilter

# AdwCleaner v2.111 - Datei am 06/02/2013 um 14:52:29 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : markus - NB-MARKUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\markus\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\markus\AppData\Local\Temp\Zynga

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0.2 (de)

Datei : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\ra5oniot.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5458 octets] - [06/02/2013 14:48:40]
AdwCleaner[S2].txt - [1006 octets] - [06/02/2013 14:52:29]

########## EOF - C:\AdwCleaner[S2].txt - [1066 octets] ##########

OTL-Extras Logfile

Code:

ATTFilter

OTL Extras logfile created on: 06.02.2013 15:33:49 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\markus\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,45% Memory free
15,77 Gb Paging File | 12,72 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,29 Gb Total Space | 127,61 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 6,48 Gb Free Space | 41,50% Space Free | Partition Type: NTFS
 
Computer Name: NB-MARKUS | User Name: markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AAA768-355D-4B89-90A3-F13DA1271540}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09EA39B8-87BB-4EFA-923D-2563F7F180EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{156F600B-C6A3-41BB-B1FA-FA58E4709486}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{18202B18-7DD7-4526-BBBA-0FF26E136602}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1CD8B0B6-3893-4972-ACC3-EDF5F9AF320B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1EEE9A64-B0BC-4929-B624-12A8077061F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F5F1193-D22B-47F6-A839-82DD39F48100}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20400760-F145-4F68-9FF1-0F9DFFBAB863}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30C3516E-8014-46D1-B634-525EE54708D4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{365A52D5-C6B3-42BA-BD0C-95283A73FC9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38CF56BE-35C0-4DD2-8530-6AF78F78B7AD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3D2B4550-7F42-43B0-BDE3-BCFBECC46E1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46718793-8864-481D-A95A-E00F78BF5985}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4819142A-A789-4875-9732-49581C324DF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65249CAB-E1DB-4FC9-B575-55C093A3536B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6709D6B9-E6AB-4C0B-81A9-A2EEC55EF6F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69D67D7D-D04C-4903-8D3C-6EBF2E808362}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6C28CBF7-19CD-480C-A2B5-34FF8363EF5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74C9FF24-0081-41A8-B4E0-DAA0824207E8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7FA3E5AD-944C-4088-A68E-13812CE65755}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{81474C86-43BD-4651-8E9A-91B8DA35FE12}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{88F07847-6374-47F1-AA83-F777609417B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{922E148E-3F3E-4168-B532-1DF88CA92E8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{945B0F56-FC41-4C5D-90DE-0107C20C007A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{99CA99D1-DC7B-4B80-BE06-BDE8FD964DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A976D80-6449-485A-94C7-C020F6E316FE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A718D00E-7B9E-4418-804D-0EF08B18D3EA}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{BA38126F-551D-4248-8518-44AD5B6615CC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BC06FAC3-EBE7-4864-912D-C9D3779A091E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF4DE191-5590-4AA2-B132-97FE657DB0D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C4704A70-A334-4395-8EC3-4CAB940DF6B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4CB7DAB-75B3-4824-9863-5EA3FD399720}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6D03C5E-9965-4206-A04E-1E252C1ACB23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F83334CD-C9BD-4245-8B04-8E08FB5D20EB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FD80E43C-7356-462A-924F-677267CA9B6A}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016EE65B-607D-428E-B18A-01E9C1E4988F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0220DD0A-BC7C-44A3-9620-162D86493A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0993FBA8-D933-4736-AD3A-7DBA15401C48}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{18F7E3CC-714C-4AF8-9A2C-92464367BFCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1985B6C2-6AD6-46F6-AE61-2127DBFC69A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1AE2C9B5-2A8C-4B5A-9158-6345A1FBAB5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24692B5E-65CC-42A5-9D2A-7823BDA8F170}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{30D8C448-0B82-43BE-9D71-47610731C7F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{366410D9-49DA-4A0E-8536-26C6E7D1CF73}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{40D6412B-9718-441E-B82A-4110697C7F40}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{40F95177-091A-471E-B42B-8F73FCD10F3B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4BB7BD37-EEF1-4148-9E59-9339F7F3921D}" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"{4E05B227-A1F7-472F-8314-F8B61E1B68E6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4F077944-5FA8-4D6D-93B6-FBA8AFDEECC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{502038AD-9D00-4601-8BA1-36909D94D14A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{54F3B51B-18E2-4743-8CCA-A4AD2CE709CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5556BBEB-5C6A-4A67-9C8D-580A46461DFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{605E112C-68A7-4970-8383-8529EACB3581}" = protocol=6 | dir=out | app=system | 
"{608E12CE-620E-4F71-87C6-249CF8139D96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6746B74B-BCDB-408C-919B-F6AE7148958B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68BC161C-83DB-4D56-BE09-B016737B2721}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6AF27BF3-5CCB-485F-98C0-BA1C839706DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71110B45-68F6-4991-9DDD-5C3C8FD88C84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D1178EA-A3A2-450F-8BAA-5BC5051259E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8C81775F-DCE0-4B98-9FA4-030BC50213D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6AE0372-5F26-4D32-B977-49EFAA7F0524}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB601657-5DB2-46E7-BF30-04F07AC8CCFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1BC4EA1-E6EC-455D-9E91-F0A23EAEA4CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C2901256-3453-4789-94F3-0F80CF44E6E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4DAB89F-1321-4F1A-9312-6845D80EE47D}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D6562AC4-9EBD-4D80-A8E4-CC1B14FBCB74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC1CDD41-9469-4F90-9A7C-A3A47EAA2046}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{DDDD8258-2960-4073-B0EF-6F7C0C282F62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E75667D7-70D0-4E05-A368-493036B56BE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E948B813-3FA0-4D63-BE87-E5D5D2555018}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{EAA43648-19A8-4B55-BEEC-59C17EC2104B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ECEE860A-BDB2-4C4D-93C2-31449116E792}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F133E9FB-890D-4118-961B-30F0D3BA3DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{3FBDA981-E9F5-4E2D-A460-1C963FA6884A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{42502B6E-84FD-4D6B-AF50-657FD33156EB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{62387368-1705-4016-8B20-DACFFD0C32DA}C:\program files (x86)\pioneer\rekordbox 2.0.2\psvnfsd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\psvnfsd.exe | 
"TCP Query User{626C8610-93DF-478D-88CA-E423010CA5CD}C:\program files (x86)\pioneer\rekordbox 2.0.2\rekordbox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\rekordbox.exe | 
"TCP Query User{63D3ED29-A976-4613-855B-CA29DD3AADE4}C:\program files (x86)\pioneer\rekordbox 2.0.2\psvlinksysmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\psvlinksysmgr.exe | 
"TCP Query User{64E52E73-867F-4136-ABE6-E9E1330E9F18}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{68D0AF21-8CC4-4AE4-BAFA-551C940F4F14}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{7602A17A-7D3D-41CB-9D65-382A07CE2226}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8C39F540-57CA-429A-B6E6-D02C8BD74B1E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8C8D855F-B890-4AB5-8EE2-B18C04CB2F2A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{158301A5-1DA7-4146-B03B-9FBBA4F6846A}C:\program files (x86)\pioneer\rekordbox 2.0.2\psvnfsd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\psvnfsd.exe | 
"UDP Query User{44BF427F-0CF0-4B39-BC06-38CF2264EDE7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{608046E7-93C9-46C6-ADE9-F9E231CB16DE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6B218BD5-9974-4C75-B8F0-F22F009130C2}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8BCFD872-4EC9-437F-B286-B10B097F8A58}C:\program files (x86)\pioneer\rekordbox 2.0.2\psvlinksysmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\psvlinksysmgr.exe | 
"UDP Query User{90B256C2-1C91-48FE-9F55-439753F8CC79}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{915CE961-8B75-4E4E-B4C5-609A61300C48}C:\program files (x86)\pioneer\rekordbox 2.0.2\rekordbox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pioneer\rekordbox 2.0.2\rekordbox.exe | 
"UDP Query User{99155BBC-4105-4074-88F1-041FF1809AFD}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{D97E7773-A6DC-4D20-AB20-095ED4AE295B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{FA3169A8-6A78-4653-AA5E-458E7077A700}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{242FFF00-5F19-4E5E-97F5-95C3DA9939A7}" = ESS Energie Indikator
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8ECD77-7CFD-4CD0-BA6F-B2ADDA48FD4C}" = THERM5
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5CACC829-8351-4D47-9CC1-2E20EA9FE38F}" = Allplan Holzbau
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{67DAF4C3-58CA-4EDB-B734-D97684FC379E}" = General Runtime Files for Nemetschek Allplan 2009
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8AF6C16A-6505-4E12-869C-CED217DF34BC}" = ITCH
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99118b05-37c7-41ad-841a-9b769ce2208a}" = SweetSmileys
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics-Add-In (32 Bit)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Canon iP7200 series Benutzerregistrierung" = Canon iP7200 series Benutzerregistrierung
"Canon iP7200 series On-screen Manual" = Canon iP7200 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.beatport.BeatportDownloader" = Beatport Downloader
"DAEMON Tools Lite" = DAEMON Tools Lite
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow v1.1.3966 [2011-08-09]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"LAME_is1" = LAME v3.99.3 (for Windows)
"LAV Splitter" = LAV Splitter (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Native Instruments Audio 2 DJ Driver" = Native Instruments Audio 2 DJ Driver
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Audio 10 Driver" = Native Instruments Traktor Audio 10 Driver
"Native Instruments Traktor Audio 2 Driver" = Native Instruments Traktor Audio 2 Driver
"Native Instruments Traktor Audio 6 Driver" = Native Instruments Traktor Audio 6 Driver
"Native Instruments Traktor Kontrol F1 Driver" = Native Instruments Traktor Kontrol F1 Driver
"Native Instruments Traktor Kontrol S2 Driver" = Native Instruments Traktor Kontrol S2 Driver
"Native Instruments Traktor Kontrol S4 Driver" = Native Instruments Traktor Kontrol S4 Driver
"Native Instruments Traktor Kontrol X1 Driver" = Native Instruments Traktor Kontrol X1 Driver
"Native Instruments Traktor Kontrol Z2 Driver" = Native Instruments Traktor Kontrol Z2 Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"OpenVPN" = OpenVPN 2.2.1
"Pioneer rekordbox 2.0.2" = rekordbox 2.0.2
"RealMedia" = RealMedia (remove only)
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.2
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2686097577-2590547824-681435330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2013 09:35:23 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:23 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:35:55 | Computer Name = nb-markus | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 06.02.2013 09:50:22 | Computer Name = nb-markus | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 09:54:06 | Computer Name = nb-markus | Source = WinMgmt | ID = 10
Description = 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 13.09.2011 06:40:41 | Computer Name = nb-markus | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe
 
Error - 18.10.2011 06:52:13 | Computer Name = nb-markus | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 10.12.2011 18:50:36 | Computer Name = nb-markus | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 18.10.2012 13:38:24 | Computer Name = nb-markus | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message: 
 
Error - 18.10.2012 13:38:24 | Computer Name = nb-markus | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model
 
[ OSession Events ]
Error - 20.11.2011 07:46:12 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7822
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 13.02.2012 07:29:47 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1556
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 24.02.2012 13:59:41 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3779
 seconds with 3240 seconds of active time.  This session ended with a crash.
 
Error - 16.03.2012 12:45:38 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11065
 seconds with 4320 seconds of active time.  This session ended with a crash.
 
Error - 16.03.2012 12:50:37 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 273
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 14.04.2012 15:48:21 | Computer Name = nb-markus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2013 07:54:46 | Computer Name = nb-markus | Source = bowser | ID = 8003
Description = 
 
Error - 03.02.2013 16:15:20 | Computer Name = nb-markus | Source = bowser | ID = 8003
Description = 
 
Error - 04.02.2013 03:40:57 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 04.02.2013 11:18:21 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 04.02.2013 12:43:24 | Computer Name = nb-markus | Source = bowser | ID = 8003
Description = 
 
Error - 05.02.2013 07:14:15 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 05.02.2013 17:36:38 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 06.02.2013 03:15:29 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 06.02.2013 09:49:50 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 06.02.2013 09:53:32 | Computer Name = nb-markus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
 
< End of report >

OTL-Logfile

Code:

ATTFilter

OTL logfile created on: 06.02.2013 15:33:49 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\markus\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,45% Memory free
15,77 Gb Paging File | 12,72 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,29 Gb Total Space | 127,61 Gb Free Space | 45,37% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 6,48 Gb Free Space | 41,50% Space Free | Partition Type: NTFS
 
Computer Name: NB-MARKUS | User Name: markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll ()
MOD - C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Program Files\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A82E5472-DA8A-4350-A8E4-637ED4EF29DE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\..\SearchScopes\{4B1CE26A-1370-405E-AFB8-CFD743DB2884}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=64DBD853-D9ED-4965-9CBA-4D54BB2E176E&apn_sauid=33B8D65E-0317-4BAC-9D17-2F00E64F5777
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: VIP6X@verisign.com:2.0.3.0
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: linkfilter@kaspersky.ru:12.0.1.511
FF - prefs.js..extensions.enabledAddons: virtualKeyboard@kaspersky.ru:12.0.1.511
FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.26
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\markus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\markus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.11.01 08:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.01 08:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP6X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.01.26 10:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.07 11:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 00:25:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension
 
[2011.08.16 16:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Extensions
[2013.02.06 14:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\Firefox\Profiles\ra5oniot.default\extensions
[2012.02.29 18:37:35 | 000,709,293 | ---- | M] () (No name found) -- C:\Users\markus\AppData\Roaming\mozilla\firefox\profiles\ra5oniot.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.03.03 22:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.06 18:43:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012.03.03 22:47:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.07 11:55:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 13:43:36 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\markus\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Stealthy = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Speed Dial 2 = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Google Quick Scroll = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Google Mail = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2686097577-2590547824-681435330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C063CF1-D140-4F87-B6A1-06BE0AB7489C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8F727A-DFB7-4B29-ABA4-2C99BE710DB9}: DhcpNameServer = 130.149.7.7 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C62A389D-DC58-462F-BB33-66A40174B8E0}: NameServer = 213.191.74.18,62.109.123.196
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{b7debbdd-c829-11e0-a130-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{b7debbdd-c829-11e0-a130-028037ec0200}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{e9a5d8ac-b398-11e0-848e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a5d8ac-b398-11e0-848e-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.06 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{A59CA7E5-4257-4B51-BF67-4D09F2FFDB7B}
[2013.02.05 20:58:16 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{79ADA62F-02E3-4CA1-A267-920F2AE1CD27}
[2013.02.05 13:05:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013.02.05 13:05:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2013.02.05 13:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013.02.05 13:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
[2013.02.05 13:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013.02.05 12:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung
[2013.02.05 12:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.02.05 12:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Manual
[2013.02.05 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{E6BF1DE4-9532-43CF-BF54-C76ED0E5E13A}
[2013.02.04 16:20:15 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{48BD5BBC-3E90-464D-8539-DD9D9501BCBA}
[2013.02.03 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{5F99DDCC-8CB2-49BC-84DA-249379DDE1E6}
[2013.02.03 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{F0316D97-8BE4-46EC-ACF9-B088F2241952}
[2013.02.02 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{A825DBD2-848C-4504-8111-907FF6B08451}
[2013.02.02 09:59:52 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{42BA3E1D-216D-4DCC-877F-65D9F9D933A9}
[2013.02.01 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\PioneerLog
[2013.02.01 22:13:50 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Pioneer
[2013.02.01 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
[2013.02.01 22:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pioneer
[2013.02.01 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{2B5FBD4E-2DEB-4645-8BF8-7B8BF1FC5549}
[2013.01.31 22:50:35 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{C99BFD24-EC50-4411-9AC3-DFCD7B094F64}
[2013.01.31 22:33:55 | 000,000,000 | --SD | C] -- C:\Users\markus\Documents\Eigene Datenquellen
[2013.01.31 21:27:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\STRING
[2013.01.31 09:02:42 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{C31D1EE5-6FCD-453D-B24C-F702B68F4EFE}
[2013.01.31 00:25:21 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Malwarebytes
[2013.01.31 00:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.31 00:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.31 00:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.31 00:24:46 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\Programs
[2013.01.30 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{E18EF223-A481-438B-A778-8F14C0A62B23}
[2013.01.30 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{4A24EB68-2290-49C7-AFE6-017D4B85A203}
[2013.01.29 23:32:31 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{880802D6-5E80-4A9C-8DB2-4713F454C39D}
[2013.01.29 08:48:29 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{1EF59762-6552-4448-A576-2D7CF7CAB304}
[2013.01.28 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{5D055D96-C26E-4B9B-9FEA-5CC496ED3AF7}
[2013.01.28 09:28:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.28 09:28:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.28 09:27:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.28 09:16:06 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{25905B55-292E-4345-BA41-65BFFBD12E4A}
[2013.01.27 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{A09B734D-6B41-4F55-BA29-BF0CDA191B98}
[2013.01.26 17:54:49 | 000,000,000 | ---D | C] -- C:\Users\markus\Desktop\Beatport Music
[2013.01.26 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\com.beatport.BeatportDownloader
[2013.01.26 17:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader
[2013.01.26 17:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.26 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{C13272F7-9F2E-44CB-A1A7-4B52D5654755}
[2013.01.25 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{F20229F4-F66E-4483-ACC4-037E75B84D74}
[2013.01.24 15:05:03 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{9DCBFBB0-88C5-44DA-9A4C-406F6DEC423E}
[2013.01.23 22:24:32 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{8CF036F1-764C-483B-AF23-00D9ADBEDE54}
[2013.01.23 08:20:31 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{4833A0E2-7EBE-4D5D-BFE5-71E4E1BECF0F}
[2013.01.22 18:58:52 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{C7D3408E-1D2E-4480-803B-CAF5922E9025}
[2013.01.22 15:33:40 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{AB918861-A1A0-48BF-B03D-2F761EDAA221}
[2013.01.22 11:31:49 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Canon
[2013.01.22 11:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013.01.22 11:12:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.01.22 11:11:13 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL
[2013.01.22 10:52:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2013.01.22 10:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.01.21 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{1CE20422-5F2A-4B0B-A6CC-337D1943495A}
[2013.01.20 23:02:14 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{03CA6C8A-94F1-4CE2-9EA7-D09152C3DAC5}
[2013.01.20 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{147569D8-CCCE-4A74-9036-8160032FCF6B}
[2013.01.20 09:59:48 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{A528712F-B4BC-46F1-B9A7-0517E1192803}
[2013.01.19 10:19:47 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{116F0412-1F26-455A-850B-44A3A5ECE21B}
[2013.01.18 09:38:51 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{0DEBB580-1A19-498D-AD77-689765498517}
[2013.01.17 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{A7C543C5-EABF-4B6E-B458-0FF8CE2DB9CE}
[2013.01.17 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{C249D1EC-7B38-4571-ABE6-0E3FBE26A294}
[2013.01.17 08:44:29 | 000,000,000 | R--D | C] -- C:\Users\markus\Dropbox
[2013.01.17 08:41:42 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.17 08:41:24 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Roaming\Dropbox
[2013.01.16 17:20:08 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{3BECE093-8201-4D9B-A423-D6E9A7A4A9E4}
[2013.01.15 22:22:15 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{4E282F9C-3261-4615-8447-621A18D2A09D}
[2013.01.15 10:21:50 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{D6FB5477-82C8-46C4-BA5C-0A33A700D902}
[2013.01.14 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{8E2A1895-776B-4549-A195-75F648BF9FB2}
[2013.01.13 09:42:56 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{DAB66634-5D0B-4C36-9710-2F59E9C38516}
[2013.01.12 18:54:16 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{03BA45F4-1F9E-42F6-B0A7-AE46FFE952CD}
[2013.01.12 00:30:35 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{E3BE5DCE-98A4-4A0D-A38C-94E35CBA9829}
[2013.01.11 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{3EC2431D-95CB-459D-A14F-8C7AFB33F8CD}
[2013.01.11 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{2F5B1362-7739-4D27-8F6A-47CF2F405660}
[2013.01.10 23:13:28 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{45CCD88A-798D-4516-8756-631904898753}
[2013.01.10 08:34:34 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{455115F3-CE76-4220-B940-FE6E1A708A0A}
[2013.01.09 18:01:19 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{99382475-A300-42D9-A5B2-97A622A4D6E4}
[2013.01.09 09:45:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 09:45:06 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 09:45:06 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 09:45:06 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 09:45:06 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 09:45:06 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 09:45:06 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 09:45:06 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 09:45:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 09:45:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 09:45:06 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 09:45:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 09:45:05 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 09:45:05 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 09:45:05 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 09:45:05 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 09:45:05 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 09:44:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 09:44:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 09:44:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 09:44:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 09:44:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 09:44:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 09:44:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 09:44:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 09:44:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 09:44:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 09:44:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 09:44:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 09:44:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 09:44:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 09:44:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 09:44:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.08 10:55:05 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{AF97FD6B-E13B-4AE7-8E6F-E10662D1392C}
[2013.01.07 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\markus\AppData\Local\{3E833293-5BA8-4777-99A7-143D30506B30}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 15:34:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2686097577-2590547824-681435330-1000UA.job
[2013.02.06 15:18:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.02.06 14:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 14:53:26 | 2054,868,991 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.06 14:52:44 | 000,000,212 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.06 14:52:17 | 000,000,168 | ---- | M] () -- C:\Users\markus\defogger_reenable
[2013.02.05 20:58:12 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.05 20:58:12 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.05 20:58:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.05 20:58:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.05 20:58:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.05 20:58:12 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 20:47:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2686097577-2590547824-681435330-1000Core.job
[2013.02.05 12:57:36 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013.02.05 12:48:40 | 000,002,367 | ---- | M] () -- C:\Users\Public\Desktop\Canon iP7200 series Online-Handbuch.lnk
[2013.02.01 22:08:37 | 000,001,196 | ---- | M] () -- C:\Users\markus\Desktop\rekordbox 2.0.2.lnk
[2013.02.01 08:35:21 | 000,002,382 | ---- | M] () -- C:\Users\markus\Desktop\Google Chrome.lnk
[2013.01.31 18:48:06 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.31 00:25:01 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.29 09:45:22 | 000,001,033 | ---- | M] () -- C:\Users\markus\Desktop\Dropbox.lnk
[2013.01.26 17:53:36 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2013.01.25 08:01:46 | 000,003,253 | ---- | M] () -- C:\Windows\THERM5.ini
[2013.01.21 00:25:26 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.06 14:52:17 | 000,000,168 | ---- | C] () -- C:\Users\markus\defogger_reenable
[2013.02.06 14:48:49 | 000,000,212 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.05 12:57:36 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013.02.05 12:48:40 | 000,002,367 | ---- | C] () -- C:\Users\Public\Desktop\Canon iP7200 series Online-Handbuch.lnk
[2013.02.01 22:08:37 | 000,001,196 | ---- | C] () -- C:\Users\markus\Desktop\rekordbox 2.0.2.lnk
[2013.01.31 18:48:06 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.31 00:25:01 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 17:53:36 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk
[2013.01.26 17:53:36 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk
[2013.01.17 08:44:29 | 000,001,033 | ---- | C] () -- C:\Users\markus\Desktop\Dropbox.lnk
[2013.01.13 20:28:05 | 000,002,724 | ---- | C] () -- C:\Users\markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speed Dial.lnk
[2012.10.28 15:20:19 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\Dfdlg100.dll
[2012.10.28 15:20:19 | 000,003,253 | ---- | C] () -- C:\Windows\THERM5.ini
[2012.01.24 17:37:37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2011.10.01 14:38:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2011.09.17 07:39:53 | 000,007,601 | ---- | C] () -- C:\Users\markus\AppData\Local\Resmon.ResmonCfg
[2011.08.16 17:02:38 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.08.16 16:46:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.08.16 16:32:05 | 000,017,408 | ---- | C] () -- C:\Users\markus\AppData\Local\WebpageIcons.db
[2011.08.16 14:59:43 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.16 14:57:56 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.16 12:33:03 | 000,223,840 | ---- | C] () -- C:\Users\markus\AppData\Roaming\wanancsp.dat
[2011.07.21 14:13:55 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.21 14:13:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.21 14:13:03 | 000,034,463 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 216 bytes -> C:\RnRMount:$WIMMOUNTDATA

< End of report >

cosinus · 06.02.2013, 16:04

Zitat:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Mirkusmach · 06.02.2013, 16:13

Zitat:

Zitat von cosinus

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Nein, es ist mein Privatrechner (Lenovo Laptop T420S). Das war damals beim Kauf im Paket von Lenovo mit dabei...

cosinus · 06.02.2013, 16:36

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Mirkusmach · 06.02.2013, 19:04

Folgendes Ergebnis hat der Durchlauf mit der Anti-Rootkit-Software gebracht:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
markus :: NB-MARKUS [administrator]

06.02.2013 16:59:25
mbar-log-2013-02-06 (16-59-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 32101
Time elapsed: 12 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.

(end)

Bei einem weiteren Durchlauf wurden keine weiteren infizierten Dateien gefunden. Jetzt stellt sich mir die Frage ob alle infizierten Daten erwischt wurden? Anfangs hatte das Programm Malewarebytes Anti-Malware an 22 Stellen angeschlagen aber es wurden mit der Anti-Rootkit-Software lediglich nur 1 Stelle behoben...

Vielen lieben Dank für die großartige Hilfe!!! Ein weiterer Scan mit Malwarebytes Anti-Malware hat keine infizierten Stellen angezeigt...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
markus :: NB-MARKUS [Administrator]

06.02.2013 19:00:19
mbam-log-2013-02-06 (19-00-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 430249
Laufzeit: 1 Stunde(n), 34 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 06.02.2013, 21:36

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Mirkusmach · 07.02.2013, 08:55

so folgendes Ergebnis wurde bei GMER angezeigt:

Code:

ATTFilter

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-07 08:24:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0004 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\markus\AppData\Local\Temp\kflcipob.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                               00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                 00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                               00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                               00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                  00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                           00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                  00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                           00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                 00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                      00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                               00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                 00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                    00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                 00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                               00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                           00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                           00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                 00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                   00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                 00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                 00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                    00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                             00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                    00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                             00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                   00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                        00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                 00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                   00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                      00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                   00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                 00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                             00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                             00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                            00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                              00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                            00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                            00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                               00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                        00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                               00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                        00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                              00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                   00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                            00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                              00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                 00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                              00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                            00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                        00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                        00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                   00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                   00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                       00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                     00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            00000000772b16bd 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                               00000000772b1401 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                 00000000772b1419 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                               00000000772b1431 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                               00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                  00000000772b14dd 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                           00000000772b14f5 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                  00000000772b150d 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                           00000000772b1525 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                 00000000772b153d 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                      00000000772b1555 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                               00000000772b156d 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                 00000000772b1585 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                    00000000772b159d 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                 00000000772b15b5 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                               00000000772b15cd 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                           00000000772b16b2 2 bytes [2B, 77]
.text  C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                           00000000772b16bd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              00000000772b1401 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                00000000772b1419 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              00000000772b1431 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                 00000000772b14dd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000772b14f5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                 00000000772b150d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          00000000772b1525 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                00000000772b153d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                     00000000772b1555 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              00000000772b156d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                00000000772b1585 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                   00000000772b159d 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000772b15b5 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000772b15cd 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000772b16b2 2 bytes [2B, 77]
.text  C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000772b16bd 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                      00000000772b1401 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                        00000000772b1419 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                      00000000772b1431 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                      00000000772b144a 2 bytes [2B, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                         00000000772b14dd 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                  00000000772b14f5 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                         00000000772b150d 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                  00000000772b1525 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                        00000000772b153d 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                             00000000772b1555 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                      00000000772b156d 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                        00000000772b1585 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                           00000000772b159d 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                        00000000772b15b5 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                      00000000772b15cd 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                  00000000772b16b2 2 bytes [2B, 77]
.text  C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[6140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                  00000000772b16bd 2 bytes [2B, 77]

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef49a2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef49a2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef49a7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef49a8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef49a1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef49a1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef49a81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef49a2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef49a7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]             [7fef49a6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef49a77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef49a7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef49a6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3376] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef49a5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9faadb0                                                                                                                  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9faadb0 (not active ControlSet)                                                                                              

---- Disk sectors - GMER 2.0 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.0 ----

Bei dem aswMBR-Scanner musste ich bei AV-Scan "none" drücken, da er - wie du geahnt hattest - mehrmals abgestürzt ist. Folgende Log-Datei habe ich extrahiert:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 08:46:01
-----------------------------
08:46:01.527    OS Version: Windows x64 6.1.7601 Service Pack 1
08:46:01.527    Number of processors: 4 586 0x2A07
08:46:01.527    ComputerName: NB-MARKUS  UserName: markus
08:46:03.165    Initialize success
08:46:09.935    AVAST engine defs: 13020601
08:46:19.357    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:46:19.357    Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3
08:46:19.435    Disk 0 MBR read successfully
08:46:19.435    Disk 0 MBR scan
08:46:19.545    Disk 0 unknown MBR code
08:46:19.560    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
08:46:19.560    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       288043 MB offset 2459648
08:46:19.607    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16000 MB offset 592371712
08:46:19.638    Disk 0 scanning C:\Windows\system32\drivers
08:46:34.864    Service scanning
08:46:58.872    Modules scanning
08:46:58.888    Disk 0 trace - called modules:
08:46:58.966    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt58.sys ACPI.sys iaStor.sys hal.dll 
08:46:58.982    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a24060]
08:46:58.982    3 CLASSPNP.SYS[fffff880019b543f] -> nt!IofCallDriver -> [0xfffffa8009887d10]
08:46:58.997    5 vsflt58.sys[fffff88000ebc0ed] -> nt!IofCallDriver -> [0xfffffa80074eebe0]
08:46:58.997    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80074d0050]
08:46:59.013    Scan finished successfully
08:47:09.699    Disk 0 MBR has been saved successfully to "C:\Users\markus\Downloads\MBR.dat"
08:47:09.699    The log file has been saved successfully to "C:\Users\markus\Downloads\aswMBR.txt"

cosinus · 07.02.2013, 10:50

Irgendwas scheint mit deinem MBR nicht richtig zu sein.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Mirkusmach · 07.02.2013, 11:09

Ich kann dir mit dem Master-Boot-Record nicht ganz folgen. Was bedeutet das?

Code:

ATTFilter

11:06:59.0481 8036  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:06:59.0951 8036  ============================================================
11:06:59.0951 8036  Current date / time: 2013/02/07 11:06:59.0951
11:06:59.0951 8036  SystemInfo:
11:06:59.0951 8036  
11:06:59.0951 8036  OS Version: 6.1.7601 ServicePack: 1.0
11:06:59.0951 8036  Product type: Workstation
11:06:59.0951 8036  ComputerName: NB-MARKUS
11:06:59.0951 8036  UserName: markus
11:06:59.0951 8036  Windows directory: C:\Windows
11:06:59.0951 8036  System windows directory: C:\Windows
11:06:59.0951 8036  Running under WOW64
11:06:59.0951 8036  Processor architecture: Intel x64
11:06:59.0951 8036  Number of processors: 4
11:06:59.0951 8036  Page size: 0x1000
11:06:59.0951 8036  Boot type: Normal boot
11:06:59.0951 8036  ============================================================
11:07:00.0358 8036  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:00.0372 8036  ============================================================
11:07:00.0372 8036  \Device\Harddisk0\DR0:
11:07:00.0373 8036  MBR partitions:
11:07:00.0373 8036  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
11:07:00.0373 8036  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23295800
11:07:00.0373 8036  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x234EE000, BlocksNum 0x1F40000
11:07:00.0373 8036  ============================================================
11:07:00.0385 8036  C: <-> \Device\Harddisk0\DR0\Partition2
11:07:00.0472 8036  Q: <-> \Device\Harddisk0\DR0\Partition3
11:07:00.0472 8036  ============================================================
11:07:00.0472 8036  Initialize success
11:07:00.0472 8036  ============================================================
11:07:08.0176 7296  ============================================================
11:07:08.0176 7296  Scan started
11:07:08.0176 7296  Mode: Manual; SigCheck; TDLFS; 
11:07:08.0176 7296  ============================================================
11:07:10.0135 7296  ================ Scan system memory ========================
11:07:10.0135 7296  System memory - ok
11:07:10.0136 7296  ================ Scan services =============================
11:07:10.0265 7296  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:07:10.0361 7296  1394ohci - ok
11:07:10.0399 7296  [ F4AF97702BAD85BFEF64B9A557F11B6F ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
11:07:10.0463 7296  5U877 - ok
11:07:10.0497 7296  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:07:10.0525 7296  ACPI - ok
11:07:10.0574 7296  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:07:10.0612 7296  AcpiPmi - ok
11:07:10.0713 7296  [ DEECCADBD25F65D65293A09721B3A447 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
11:07:10.0740 7296  AcPrfMgrSvc - ok
11:07:10.0889 7296  [ F6783C115BA943407CA6A604C7013ABE ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:07:10.0964 7296  AcrSch2Svc - ok
11:07:11.0020 7296  [ A7753804C6C66C9C80F4E29659FD721C ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
11:07:11.0030 7296  AcSvc - ok
11:07:11.0072 7296  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:07:11.0092 7296  adp94xx - ok
11:07:11.0135 7296  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:07:11.0152 7296  adpahci - ok
11:07:11.0169 7296  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:07:11.0183 7296  adpu320 - ok
11:07:11.0211 7296  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:07:11.0341 7296  AeLookupSvc - ok
11:07:11.0426 7296  [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
11:07:11.0458 7296  afcdp - ok
11:07:11.0592 7296  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
11:07:11.0725 7296  afcdpsrv - ok
11:07:11.0804 7296  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:07:11.0868 7296  AFD - ok
11:07:11.0900 7296  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:07:11.0917 7296  agp440 - ok
11:07:11.0952 7296  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:07:12.0003 7296  ALG - ok
11:07:12.0021 7296  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:07:12.0044 7296  aliide - ok
11:07:12.0067 7296  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:07:12.0077 7296  amdide - ok
11:07:12.0098 7296  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:07:12.0122 7296  AmdK8 - ok
11:07:12.0139 7296  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:07:12.0152 7296  AmdPPM - ok
11:07:12.0184 7296  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:07:12.0197 7296  amdsata - ok
11:07:12.0214 7296  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:07:12.0229 7296  amdsbs - ok
11:07:12.0238 7296  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:07:12.0248 7296  amdxata - ok
11:07:12.0282 7296  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:07:12.0316 7296  AppID - ok
11:07:12.0361 7296  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:07:12.0427 7296  AppIDSvc - ok
11:07:12.0466 7296  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:07:12.0562 7296  Appinfo - ok
11:07:12.0616 7296  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:07:12.0640 7296  Apple Mobile Device - ok
11:07:12.0702 7296  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:07:12.0760 7296  AppMgmt - ok
11:07:12.0781 7296  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:07:12.0807 7296  arc - ok
11:07:12.0843 7296  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:07:12.0860 7296  arcsas - ok
11:07:12.0880 7296  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:07:12.0931 7296  AsyncMac - ok
11:07:12.0974 7296  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:07:12.0996 7296  atapi - ok
11:07:13.0031 7296  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:07:13.0118 7296  AudioEndpointBuilder - ok
11:07:13.0154 7296  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:07:13.0204 7296  AudioSrv - ok
11:07:13.0312 7296  [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
11:07:13.0342 7296  AVP - ok
11:07:13.0409 7296  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:07:13.0463 7296  AxInstSV - ok
11:07:13.0531 7296  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:07:13.0586 7296  b06bdrv - ok
11:07:13.0618 7296  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:07:13.0658 7296  b57nd60a - ok
11:07:13.0685 7296  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:07:13.0731 7296  BDESVC - ok
11:07:13.0744 7296  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:07:13.0787 7296  Beep - ok
11:07:13.0851 7296  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:07:13.0938 7296  BFE - ok
11:07:14.0009 7296  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:07:14.0132 7296  BITS - ok
11:07:14.0165 7296  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:07:14.0190 7296  blbdrive - ok
11:07:14.0268 7296  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:07:14.0298 7296  Bonjour Service - ok
11:07:14.0325 7296  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:07:14.0377 7296  bowser - ok
11:07:14.0400 7296  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:07:14.0441 7296  BrFiltLo - ok
11:07:14.0459 7296  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:07:14.0477 7296  BrFiltUp - ok
11:07:14.0527 7296  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:07:14.0554 7296  Browser - ok
11:07:14.0572 7296  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:07:14.0616 7296  Brserid - ok
11:07:14.0631 7296  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:07:14.0655 7296  BrSerWdm - ok
11:07:14.0667 7296  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:07:14.0691 7296  BrUsbMdm - ok
11:07:14.0704 7296  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:07:14.0730 7296  BrUsbSer - ok
11:07:14.0749 7296  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:07:14.0782 7296  BthEnum - ok
11:07:14.0798 7296  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:07:14.0823 7296  BTHMODEM - ok
11:07:14.0845 7296  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:07:14.0876 7296  BthPan - ok
11:07:14.0918 7296  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:07:14.0958 7296  BTHPORT - ok
11:07:15.0001 7296  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:07:15.0064 7296  bthserv - ok
11:07:15.0082 7296  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:07:15.0101 7296  BTHUSB - ok
11:07:15.0147 7296  [ 8834F87A6A745872894DF8223201A6C3 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
11:07:15.0191 7296  BTWAMPFL - ok
11:07:15.0219 7296  [ 9863D82ECBEC6106D377ED73680D99D8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:07:15.0233 7296  btwaudio - ok
11:07:15.0249 7296  [ 3432DD66AE75AB2DE6D0527AD78DBFC7 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:07:15.0264 7296  btwavdt - ok
11:07:15.0306 7296  [ EB4AFE08FB39BB444F221D7D501E0915 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
11:07:15.0350 7296  btwdins - ok
11:07:15.0366 7296  [ 382DC5A631CED0462EA09B7EB898BDBF ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:07:15.0374 7296  btwl2cap - ok
11:07:15.0387 7296  [ 13A9C2CEDD44C175E6CA39A536795CA6 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:07:15.0394 7296  btwrchid - ok
11:07:15.0414 7296  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:07:15.0457 7296  cdfs - ok
11:07:15.0495 7296  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:07:15.0538 7296  cdrom - ok
11:07:15.0576 7296  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:07:15.0627 7296  CertPropSvc - ok
11:07:15.0641 7296  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:07:15.0659 7296  circlass - ok
11:07:15.0673 7296  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:07:15.0692 7296  CLFS - ok
11:07:15.0757 7296  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:07:15.0784 7296  clr_optimization_v2.0.50727_32 - ok
11:07:15.0822 7296  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:07:15.0847 7296  clr_optimization_v2.0.50727_64 - ok
11:07:15.0889 7296  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:07:15.0917 7296  clr_optimization_v4.0.30319_32 - ok
11:07:15.0933 7296  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:07:15.0944 7296  clr_optimization_v4.0.30319_64 - ok
11:07:15.0970 7296  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:07:15.0993 7296  CmBatt - ok
11:07:16.0009 7296  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:07:16.0020 7296  cmdide - ok
11:07:16.0066 7296  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:07:16.0128 7296  CNG - ok
11:07:16.0178 7296  [ DB6F09464C57606892BF6D2458483417 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
11:07:16.0212 7296  CnxtHdAudService - ok
11:07:16.0232 7296  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:07:16.0241 7296  Compbatt - ok
11:07:16.0256 7296  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:07:16.0281 7296  CompositeBus - ok
11:07:16.0291 7296  COMSysApp - ok
11:07:16.0305 7296  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:07:16.0314 7296  crcdisk - ok
11:07:16.0376 7296  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:07:16.0416 7296  CryptSvc - ok
11:07:16.0442 7296  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:07:16.0508 7296  CSC - ok
11:07:16.0544 7296  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:07:16.0590 7296  CscService - ok
11:07:16.0615 7296  [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
11:07:16.0627 7296  CxAudMsg - ok
11:07:16.0681 7296  [ 8491CB08BD8248EAA31FBCA5135794B1 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
11:07:16.0702 7296  dc3d - ok
11:07:16.0749 7296  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:07:16.0826 7296  DcomLaunch - ok
11:07:16.0840 7296  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:07:16.0886 7296  defragsvc - ok
11:07:16.0905 7296  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:07:16.0948 7296  DfsC - ok
11:07:16.0969 7296  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:07:16.0992 7296  Dhcp - ok
11:07:17.0009 7296  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:07:17.0048 7296  discache - ok
11:07:17.0078 7296  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:07:17.0087 7296  Disk - ok
11:07:17.0096 7296  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
11:07:17.0128 7296  dmvsc - ok
11:07:17.0145 7296  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:07:17.0180 7296  Dnscache - ok
11:07:17.0191 7296  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:07:17.0236 7296  dot3svc - ok
11:07:17.0297 7296  [ 277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
11:07:17.0328 7296  DozeSvc - ok
11:07:17.0345 7296  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:07:17.0384 7296  DPS - ok
11:07:17.0410 7296  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:07:17.0447 7296  drmkaud - ok
11:07:17.0481 7296  [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:07:17.0496 7296  dtsoftbus01 - ok
11:07:17.0523 7296  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:07:17.0548 7296  DXGKrnl - ok
11:07:17.0580 7296  [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
11:07:17.0587 7296  DzHDD64 - ok
11:07:17.0634 7296  [ 426A0AE0B9F4F1CF4BA6FAF4EE28E5B0 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
11:07:17.0661 7296  e1cexpress - ok
11:07:17.0690 7296  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:07:17.0735 7296  EapHost - ok
11:07:17.0813 7296  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:07:18.0011 7296  ebdrv - ok
11:07:18.0044 7296  [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis       C:\Windows\system32\Drivers\wwuss64.sys
11:07:18.0056 7296  ecnssndis - ok
11:07:18.0070 7296  [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr   C:\Windows\system32\Drivers\wwussf64.sys
11:07:18.0082 7296  ecnssndisfltr - ok
11:07:18.0131 7296  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:07:18.0161 7296  EFS - ok
11:07:18.0206 7296  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:07:18.0280 7296  ehRecvr - ok
11:07:18.0296 7296  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:07:18.0317 7296  ehSched - ok
11:07:18.0353 7296  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:07:18.0374 7296  elxstor - ok
11:07:18.0386 7296  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:07:18.0398 7296  ErrDev - ok
11:07:18.0431 7296  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:07:18.0480 7296  EventSystem - ok
11:07:18.0558 7296  [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:07:18.0602 7296  EvtEng - ok
11:07:18.0625 7296  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:07:18.0663 7296  exfat - ok
11:07:18.0679 7296  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:07:18.0732 7296  fastfat - ok
11:07:18.0765 7296  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:07:18.0837 7296  Fax - ok
11:07:18.0852 7296  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:07:18.0872 7296  fdc - ok
11:07:18.0891 7296  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:07:18.0928 7296  fdPHost - ok
11:07:18.0955 7296  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:07:19.0003 7296  FDResPub - ok
11:07:19.0031 7296  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:07:19.0041 7296  FileInfo - ok
11:07:19.0050 7296  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:07:19.0087 7296  Filetrace - ok
11:07:19.0099 7296  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:07:19.0110 7296  flpydisk - ok
11:07:19.0122 7296  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:07:19.0137 7296  FltMgr - ok
11:07:19.0198 7296  [ B8AFE7A30D34C0E9FDBA81632294547C ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
11:07:19.0219 7296  fltsrv - ok
11:07:19.0251 7296  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:07:19.0314 7296  FontCache - ok
11:07:19.0347 7296  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:07:19.0355 7296  FontCache3.0.0.0 - ok
11:07:19.0362 7296  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:07:19.0373 7296  FsDepends - ok
11:07:19.0431 7296  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:07:19.0457 7296  Fs_Rec - ok
11:07:19.0481 7296  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:07:19.0505 7296  fvevol - ok
11:07:19.0527 7296  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:07:19.0537 7296  gagp30kx - ok
11:07:19.0568 7296  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:07:19.0576 7296  GEARAspiWDM - ok
11:07:19.0612 7296  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:07:19.0675 7296  gpsvc - ok
11:07:19.0685 7296  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:07:19.0718 7296  hcw85cir - ok
11:07:19.0744 7296  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:07:19.0770 7296  HdAudAddService - ok
11:07:19.0790 7296  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:07:19.0816 7296  HDAudBus - ok
11:07:19.0819 7296  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:07:19.0830 7296  HidBatt - ok
11:07:19.0838 7296  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:07:19.0854 7296  HidBth - ok
11:07:19.0867 7296  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:07:19.0880 7296  HidIr - ok
11:07:19.0890 7296  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:07:19.0935 7296  hidserv - ok
11:07:19.0952 7296  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:07:19.0964 7296  HidUsb - ok
11:07:19.0988 7296  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:07:20.0031 7296  hkmsvc - ok
11:07:20.0066 7296  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:07:20.0089 7296  HomeGroupListener - ok
11:07:20.0109 7296  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:07:20.0132 7296  HomeGroupProvider - ok
11:07:20.0151 7296  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:07:20.0162 7296  HpSAMD - ok
11:07:20.0198 7296  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:07:20.0264 7296  HTTP - ok
11:07:20.0278 7296  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:07:20.0287 7296  hwpolicy - ok
11:07:20.0331 7296  [ 9149907FF8681AD6475607EEBF62DD2F ] HyperW7Svc      C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
11:07:20.0356 7296  HyperW7Svc - ok
11:07:20.0377 7296  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:07:20.0396 7296  i8042prt - ok
11:07:20.0434 7296  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
11:07:20.0454 7296  iaStor - ok
11:07:20.0483 7296  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:07:20.0505 7296  iaStorV - ok
11:07:20.0523 7296  [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:07:20.0533 7296  IBMPMDRV - ok
11:07:20.0543 7296  [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
11:07:20.0553 7296  IBMPMSVC - ok
11:07:20.0625 7296  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:07:20.0651 7296  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:07:20.0652 7296  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:07:20.0696 7296  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:07:20.0755 7296  idsvc - ok
11:07:20.0976 7296  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:07:21.0334 7296  igfx - ok
11:07:21.0372 7296  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:07:21.0389 7296  iirsp - ok
11:07:21.0530 7296  [ EDCCC8C13B1EB882F77BA0ABB84566E7 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
11:07:21.0557 7296  IJPLMSVC - ok
11:07:21.0588 7296  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:07:21.0657 7296  IKEEXT - ok
11:07:21.0698 7296  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
11:07:21.0723 7296  IntcDAud - ok
11:07:21.0734 7296  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:07:21.0743 7296  intelide - ok
11:07:21.0774 7296  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:07:21.0796 7296  intelppm - ok
11:07:21.0817 7296  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:07:21.0851 7296  IPBusEnum - ok
11:07:21.0862 7296  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:07:21.0894 7296  IpFilterDriver - ok
11:07:21.0945 7296  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:07:21.0980 7296  iphlpsvc - ok
11:07:21.0983 7296  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:07:21.0996 7296  IPMIDRV - ok
11:07:22.0009 7296  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:07:22.0054 7296  IPNAT - ok
11:07:22.0104 7296  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:07:22.0148 7296  iPod Service - ok
11:07:22.0167 7296  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:07:22.0188 7296  IRENUM - ok
11:07:22.0203 7296  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:07:22.0212 7296  isapnp - ok
11:07:22.0224 7296  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:07:22.0239 7296  iScsiPrt - ok
11:07:22.0299 7296  [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
11:07:22.0314 7296  jhi_service - ok
11:07:22.0325 7296  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:07:22.0336 7296  kbdclass - ok
11:07:22.0358 7296  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:07:22.0384 7296  kbdhid - ok
11:07:22.0396 7296  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:07:22.0408 7296  KeyIso - ok
11:07:22.0436 7296  [ E656FE10D6D27794AFA08136685A69E8 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
11:07:22.0453 7296  KL1 - ok
11:07:22.0462 7296  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
11:07:22.0469 7296  kl2 - ok
11:07:22.0513 7296  [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
11:07:22.0529 7296  KLIF - ok
11:07:22.0537 7296  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
11:07:22.0550 7296  KLIM6 - ok
11:07:22.0572 7296  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
11:07:22.0580 7296  klmouflt - ok
11:07:22.0633 7296  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:07:22.0652 7296  KSecDD - ok
11:07:22.0667 7296  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:07:22.0681 7296  KSecPkg - ok
11:07:22.0694 7296  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:07:22.0732 7296  ksthunk - ok
11:07:22.0762 7296  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:07:22.0802 7296  KtmRm - ok
11:07:22.0858 7296  [ 4C0641D4DCDE9A84B9DB537277C2ADF8 ] kx1avs          C:\Windows\system32\Drivers\kx1avs.sys
11:07:22.0889 7296  kx1avs - ok
11:07:22.0909 7296  [ DF95DF5C8238B5A8C411538A2C834955 ] kx1usb_svc      C:\Windows\system32\Drivers\kx1usb.sys
11:07:22.0921 7296  kx1usb_svc - ok
11:07:22.0952 7296  [ C864875E87E6B790471516856FC1F5C2 ] l36wgps         C:\Windows\system32\DRIVERS\l36wgps64.sys
11:07:22.0963 7296  l36wgps - ok
11:07:22.0997 7296  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:07:23.0056 7296  LanmanServer - ok
11:07:23.0077 7296  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:07:23.0122 7296  LanmanWorkstation - ok
11:07:23.0264 7296  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
11:07:23.0307 7296  LBTServ - ok
11:07:23.0363 7296  [ 1EF45F1BD62B8F4C19458326A3E91930 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
11:07:23.0384 7296  LENOVO.CAMMUTE - ok
11:07:23.0435 7296  [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:07:23.0456 7296  LENOVO.MICMUTE - ok
11:07:23.0479 7296  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
11:07:23.0490 7296  lenovo.smi - ok
11:07:23.0508 7296  [ 448BE3E001004A55E8A959C57E17F6D8 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
11:07:23.0519 7296  LENOVO.TPKNRSVC - ok
11:07:23.0554 7296  [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
11:07:23.0566 7296  Lenovo.VIRTSCRLSVC - ok
11:07:23.0622 7296  [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
11:07:23.0635 7296  LEqdUsb - ok
11:07:23.0649 7296  [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
11:07:23.0661 7296  LHidEqd - ok
11:07:23.0711 7296  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:07:23.0720 7296  LHidFilt - ok
11:07:23.0752 7296  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:07:23.0792 7296  lltdio - ok
11:07:23.0803 7296  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:07:23.0850 7296  lltdsvc - ok
11:07:23.0883 7296  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:07:23.0945 7296  lmhosts - ok
11:07:23.0991 7296  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:07:24.0017 7296  LMouFilt - ok
11:07:24.0051 7296  [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:07:24.0080 7296  LMS - ok
11:07:24.0108 7296  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:07:24.0119 7296  LSI_FC - ok
11:07:24.0147 7296  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:07:24.0159 7296  LSI_SAS - ok
11:07:24.0169 7296  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:07:24.0180 7296  LSI_SAS2 - ok
11:07:24.0189 7296  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:07:24.0201 7296  LSI_SCSI - ok
11:07:24.0217 7296  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:07:24.0260 7296  luafv - ok
11:07:24.0284 7296  [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20 ] Mbm3CBus        C:\Windows\system32\DRIVERS\Mbm3CBus.sys
11:07:24.0297 7296  Mbm3CBus - ok
11:07:24.0324 7296  [ 01E60917101B309E15F30DA26ACF64F6 ] Mbm3DevMt       C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
11:07:24.0337 7296  Mbm3DevMt - ok
11:07:24.0367 7296  [ 6350A2CA21FB7B14432EFFDC61863AED ] Mbm3mdfl        C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
11:07:24.0375 7296  Mbm3mdfl - ok
11:07:24.0395 7296  [ 9FC3A8713D148E15D0472E1C44DD0FDA ] Mbm3Mdm         C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
11:07:24.0408 7296  Mbm3Mdm - ok
11:07:24.0428 7296  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:07:24.0452 7296  Mcx2Svc - ok
11:07:24.0462 7296  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:07:24.0471 7296  megasas - ok
11:07:24.0485 7296  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:07:24.0501 7296  MegaSR - ok
11:07:24.0514 7296  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:07:24.0521 7296  MEIx64 - ok
11:07:24.0542 7296  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:07:24.0576 7296  MMCSS - ok
11:07:24.0593 7296  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:07:24.0637 7296  Modem - ok
11:07:24.0674 7296  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:07:24.0712 7296  monitor - ok
11:07:24.0737 7296  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:07:24.0752 7296  mouclass - ok
11:07:24.0768 7296  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:07:24.0784 7296  mouhid - ok
11:07:24.0795 7296  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:07:24.0805 7296  mountmgr - ok
11:07:24.0816 7296  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:07:24.0829 7296  mpio - ok
11:07:24.0837 7296  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:07:24.0869 7296  mpsdrv - ok
11:07:24.0900 7296  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:07:24.0961 7296  MpsSvc - ok
11:07:24.0973 7296  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:07:25.0001 7296  MRxDAV - ok
11:07:25.0023 7296  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:07:25.0069 7296  mrxsmb - ok
11:07:25.0089 7296  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:07:25.0123 7296  mrxsmb10 - ok
11:07:25.0141 7296  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:07:25.0160 7296  mrxsmb20 - ok
11:07:25.0178 7296  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:07:25.0192 7296  msahci - ok
11:07:25.0211 7296  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:07:25.0230 7296  msdsm - ok
11:07:25.0249 7296  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:07:25.0285 7296  MSDTC - ok
11:07:25.0305 7296  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:07:25.0350 7296  Msfs - ok
11:07:25.0362 7296  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:07:25.0405 7296  mshidkmdf - ok
11:07:25.0413 7296  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:07:25.0422 7296  msisadrv - ok
11:07:25.0450 7296  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:07:25.0485 7296  MSiSCSI - ok
11:07:25.0488 7296  msiserver - ok
11:07:25.0509 7296  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:07:25.0549 7296  MSKSSRV - ok
11:07:25.0563 7296  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:07:25.0599 7296  MSPCLOCK - ok
11:07:25.0603 7296  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:07:25.0633 7296  MSPQM - ok
11:07:25.0648 7296  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:07:25.0665 7296  MsRPC - ok
11:07:25.0673 7296  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:07:25.0683 7296  mssmbios - ok
11:07:25.0690 7296  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:07:25.0725 7296  MSTEE - ok
11:07:25.0739 7296  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:07:25.0750 7296  MTConfig - ok
11:07:25.0760 7296  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:07:25.0770 7296  Mup - ok
11:07:25.0799 7296  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:07:25.0844 7296  napagent - ok
11:07:25.0874 7296  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:07:25.0912 7296  NativeWifiP - ok
11:07:25.0960 7296  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:07:26.0007 7296  NDIS - ok
11:07:26.0023 7296  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:07:26.0060 7296  NdisCap - ok
11:07:26.0078 7296  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:07:26.0108 7296  NdisTapi - ok
11:07:26.0130 7296  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:07:26.0161 7296  Ndisuio - ok
11:07:26.0173 7296  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:07:26.0216 7296  NdisWan - ok
11:07:26.0231 7296  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:07:26.0268 7296  NDProxy - ok
11:07:26.0278 7296  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:07:26.0319 7296  NetBIOS - ok
11:07:26.0333 7296  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:07:26.0368 7296  NetBT - ok
11:07:26.0378 7296  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:07:26.0390 7296  Netlogon - ok
11:07:26.0418 7296  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:07:26.0463 7296  Netman - ok
11:07:26.0486 7296  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:07:26.0542 7296  netprofm - ok
11:07:26.0571 7296  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:07:26.0582 7296  NetTcpPortSharing - ok
11:07:26.0755 7296  [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:07:26.0980 7296  NETwNs64 - ok
11:07:27.0007 7296  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:07:27.0016 7296  nfrd960 - ok
11:07:27.0269 7296  [ 934B270F30B2373FF5B0F16BC19ECA30 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
11:07:27.0463 7296  NIHardwareService - ok
11:07:27.0523 7296  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:07:27.0566 7296  NlaSvc - ok
11:07:27.0585 7296  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:07:27.0627 7296  Npfs - ok
11:07:27.0648 7296  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:07:27.0680 7296  nsi - ok
11:07:27.0688 7296  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:07:27.0727 7296  nsiproxy - ok
11:07:27.0802 7296  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:07:27.0864 7296  Ntfs - ok
11:07:27.0911 7296  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
11:07:27.0918 7296  NuidFltr - ok
11:07:27.0922 7296  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:07:27.0971 7296  Null - ok
11:07:28.0046 7296  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
11:07:28.0080 7296  nusb3hub - ok
11:07:28.0106 7296  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:07:28.0140 7296  nusb3xhc - ok
11:07:28.0168 7296  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:07:28.0187 7296  nvraid - ok
11:07:28.0207 7296  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:07:28.0226 7296  nvstor - ok
11:07:28.0239 7296  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:07:28.0257 7296  nv_agp - ok
11:07:28.0353 7296  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:07:28.0387 7296  odserv - ok
11:07:28.0403 7296  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:07:28.0422 7296  ohci1394 - ok
11:07:28.0488 7296  [ D29D5E61A5722630BB58940D1E4E231A ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
11:07:28.0514 7296  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
11:07:28.0514 7296  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
11:07:28.0573 7296  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:07:28.0598 7296  ose - ok
11:07:28.0822 7296  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:07:29.0028 7296  osppsvc - ok
11:07:29.0052 7296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:07:29.0085 7296  p2pimsvc - ok
11:07:29.0105 7296  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:07:29.0134 7296  p2psvc - ok
11:07:29.0154 7296  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:07:29.0168 7296  Parport - ok
11:07:29.0211 7296  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:07:29.0239 7296  partmgr - ok
11:07:29.0253 7296  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:07:29.0292 7296  PcaSvc - ok
11:07:29.0310 7296  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:07:29.0323 7296  pci - ok
11:07:29.0338 7296  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:07:29.0347 7296  pciide - ok
11:07:29.0364 7296  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:07:29.0378 7296  pcmcia - ok
11:07:29.0390 7296  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:07:29.0399 7296  pcw - ok
11:07:29.0417 7296  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:07:29.0461 7296  PEAUTH - ok
11:07:29.0488 7296  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:07:29.0545 7296  PeerDistSvc - ok
11:07:29.0630 7296  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:07:29.0669 7296  PerfHost - ok
11:07:29.0692 7296  [ 18EEA095AF22AC5FA16FC27FB98C82D3 ] PHCORE          C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
11:07:29.0701 7296  PHCORE - ok
11:07:29.0735 7296  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:07:29.0812 7296  pla - ok
11:07:29.0844 7296  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:07:29.0883 7296  PlugPlay - ok
11:07:29.0900 7296  [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv          C:\Windows\system32\drivers\pmxdrv.sys
11:07:29.0908 7296  pmxdrv - ok
11:07:29.0921 7296  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:07:29.0941 7296  PNRPAutoReg - ok
11:07:29.0954 7296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:07:29.0968 7296  PNRPsvc - ok
11:07:30.0015 7296  [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
11:07:30.0036 7296  Point64 - ok
11:07:30.0065 7296  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:07:30.0117 7296  PolicyAgent - ok
11:07:30.0146 7296  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
11:07:30.0173 7296  Power - ok
11:07:30.0221 7296  [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:07:30.0235 7296  Power Manager DBC Service - ok
11:07:30.0258 7296  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:07:30.0317 7296  PptpMiniport - ok
11:07:30.0330 7296  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:07:30.0349 7296  Processor - ok
11:07:30.0403 7296  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:07:30.0435 7296  ProfSvc - ok
11:07:30.0451 7296  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:07:30.0466 7296  ProtectedStorage - ok
11:07:30.0483 7296  [ A70AD30223866947E39BC221DF4C2306 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
11:07:30.0494 7296  psadd - ok
11:07:30.0512 7296  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:07:30.0560 7296  Psched - ok
11:07:30.0586 7296  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:07:30.0596 7296  PSI_SVC_2 - ok
11:07:30.0627 7296  [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
11:07:30.0640 7296  PwmEWSvc - ok
11:07:30.0701 7296  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:07:30.0766 7296  ql2300 - ok
11:07:30.0778 7296  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:07:30.0794 7296  ql40xx - ok
11:07:30.0819 7296  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:07:30.0846 7296  QWAVE - ok
11:07:30.0857 7296  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:07:30.0880 7296  QWAVEdrv - ok
11:07:30.0894 7296  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:07:30.0924 7296  RasAcd - ok
11:07:30.0955 7296  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:07:30.0985 7296  RasAgileVpn - ok
11:07:30.0995 7296  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:07:31.0040 7296  RasAuto - ok
11:07:31.0053 7296  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:07:31.0093 7296  Rasl2tp - ok
11:07:31.0117 7296  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:07:31.0154 7296  RasMan - ok
11:07:31.0166 7296  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:07:31.0208 7296  RasPppoe - ok
11:07:31.0219 7296  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:07:31.0258 7296  RasSstp - ok
11:07:31.0277 7296  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:07:31.0324 7296  rdbss - ok
11:07:31.0337 7296  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:07:31.0351 7296  rdpbus - ok
11:07:31.0369 7296  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:07:31.0399 7296  RDPCDD - ok
11:07:31.0417 7296  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:07:31.0444 7296  RDPDR - ok
11:07:31.0449 7296  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:07:31.0485 7296  RDPENCDD - ok
11:07:31.0500 7296  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:07:31.0531 7296  RDPREFMP - ok
11:07:31.0572 7296  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:07:31.0614 7296  RDPWD - ok
11:07:31.0641 7296  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:07:31.0669 7296  rdyboost - ok
11:07:31.0716 7296  [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:07:31.0755 7296  RegSrvc - ok
11:07:31.0777 7296  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:07:31.0822 7296  RemoteAccess - ok
11:07:31.0851 7296  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:07:31.0899 7296  RemoteRegistry - ok
11:07:31.0934 7296  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:07:31.0978 7296  RFCOMM - ok
11:07:32.0002 7296  [ 819FE65AE1C0312B535B7AA54D30CFDA ] risdxc          C:\Windows\system32\DRIVERS\risdxc64.sys
11:07:32.0032 7296  risdxc - ok
11:07:32.0063 7296  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:07:32.0117 7296  RpcEptMapper - ok
11:07:32.0125 7296  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:07:32.0149 7296  RpcLocator - ok
11:07:32.0164 7296  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:07:32.0200 7296  RpcSs - ok
11:07:32.0225 7296  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:07:32.0259 7296  rspndr - ok
11:07:32.0273 7296  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:07:32.0294 7296  s3cap - ok
11:07:32.0305 7296  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:07:32.0317 7296  SamSs - ok
11:07:32.0319 7296  SAService - ok
11:07:32.0334 7296  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:07:32.0345 7296  sbp2port - ok
11:07:32.0361 7296  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:07:32.0403 7296  SCardSvr - ok
11:07:32.0416 7296  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:07:32.0457 7296  scfilter - ok
11:07:32.0485 7296  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:07:32.0554 7296  Schedule - ok
11:07:32.0582 7296  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:07:32.0612 7296  SCPolicySvc - ok
11:07:32.0624 7296  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:07:32.0660 7296  SDRSVC - ok
11:07:32.0677 7296  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:07:32.0715 7296  secdrv - ok
11:07:32.0728 7296  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:07:32.0762 7296  seclogon - ok
11:07:32.0784 7296  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:07:32.0819 7296  SENS - ok
11:07:32.0825 7296  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:07:32.0856 7296  SensrSvc - ok
11:07:32.0871 7296  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:07:32.0893 7296  Serenum - ok
11:07:32.0909 7296  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:07:32.0943 7296  Serial - ok
11:07:32.0964 7296  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:07:32.0985 7296  sermouse - ok
11:07:33.0004 7296  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:07:33.0056 7296  SessionEnv - ok
11:07:33.0073 7296  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:07:33.0089 7296  sffdisk - ok
11:07:33.0095 7296  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:07:33.0112 7296  sffp_mmc - ok
11:07:33.0115 7296  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:07:33.0132 7296  sffp_sd - ok
11:07:33.0146 7296  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:07:33.0157 7296  sfloppy - ok
11:07:33.0181 7296  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:07:33.0220 7296  SharedAccess - ok
11:07:33.0239 7296  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:07:33.0280 7296  ShellHWDetection - ok
11:07:33.0303 7296  [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
11:07:33.0314 7296  Shockprf - ok
11:07:33.0332 7296  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:07:33.0341 7296  SiSRaid2 - ok
11:07:33.0352 7296  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:07:33.0363 7296  SiSRaid4 - ok
11:07:33.0434 7296  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:07:33.0464 7296  SkypeUpdate - ok
11:07:33.0488 7296  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:07:33.0536 7296  Smb - ok
11:07:33.0565 7296  smihlp2 - ok
11:07:33.0622 7296  [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
11:07:33.0661 7296  snapman - ok
11:07:33.0682 7296  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:07:33.0711 7296  SNMPTRAP - ok
11:07:33.0721 7296  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:07:33.0733 7296  spldr - ok
11:07:33.0793 7296  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:07:33.0836 7296  Spooler - ok
11:07:33.0922 7296  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:07:34.0024 7296  sppsvc - ok
11:07:34.0031 7296  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:07:34.0065 7296  sppuinotify - ok
11:07:34.0089 7296  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:07:34.0127 7296  srv - ok
11:07:34.0146 7296  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:07:34.0170 7296  srv2 - ok
11:07:34.0181 7296  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:07:34.0194 7296  srvnet - ok
11:07:34.0216 7296  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:07:34.0252 7296  SSDPSRV - ok
11:07:34.0264 7296  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:07:34.0299 7296  SstpSvc - ok
11:07:34.0319 7296  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:07:34.0329 7296  stexstor - ok
11:07:34.0348 7296  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:07:34.0427 7296  stisvc - ok
11:07:34.0451 7296  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:07:34.0461 7296  storflt - ok
11:07:34.0471 7296  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:07:34.0500 7296  StorSvc - ok
11:07:34.0520 7296  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:07:34.0529 7296  storvsc - ok
11:07:34.0587 7296  [ 787D181332401B04DA4EDC422193C47B ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:07:34.0608 7296  SUService - ok
11:07:34.0630 7296  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:07:34.0643 7296  swenum - ok
11:07:34.0667 7296  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:07:34.0735 7296  swprv - ok
11:07:34.0775 7296  [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:07:34.0801 7296  SynTP - ok
11:07:34.0835 7296  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:07:34.0903 7296  SysMain - ok
11:07:34.0918 7296  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:07:34.0944 7296  TabletInputService - ok
11:07:34.0968 7296  [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
11:07:34.0991 7296  tap0901 - ok
11:07:35.0010 7296  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:07:35.0047 7296  TapiSrv - ok
11:07:35.0058 7296  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:07:35.0093 7296  TBS - ok
11:07:35.0174 7296  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:07:35.0237 7296  Tcpip - ok
11:07:35.0293 7296  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:07:35.0329 7296  TCPIP6 - ok
11:07:35.0372 7296  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:07:35.0382 7296  tcpipreg - ok
11:07:35.0402 7296  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:07:35.0427 7296  TDPIPE - ok
11:07:35.0503 7296  [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
11:07:35.0569 7296  tdrpman273 - ok
11:07:35.0612 7296  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:07:35.0622 7296  TDTCP - ok
11:07:35.0647 7296  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:07:35.0691 7296  tdx - ok
11:07:35.0701 7296  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:07:35.0711 7296  TermDD - ok
11:07:35.0735 7296  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:07:35.0806 7296  TermService - ok
11:07:35.0815 7296  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:07:35.0832 7296  Themes - ok
11:07:35.0851 7296  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:07:35.0882 7296  THREADORDER - ok
11:07:35.0941 7296  [ EBBAEA02F0095A798000C7E06B16D41B ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
11:07:35.0995 7296  timounter - ok
11:07:36.0016 7296  [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
11:07:36.0023 7296  TPDIGIMN - ok
11:07:36.0034 7296  [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
11:07:36.0045 7296  TPHDEXLGSVC - ok
11:07:36.0107 7296  [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:07:36.0131 7296  TPHKLOAD - ok
11:07:36.0179 7296  [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:07:36.0201 7296  TPHKSVC - ok
11:07:36.0232 7296  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:07:36.0260 7296  TPM - ok
11:07:36.0297 7296  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
11:07:36.0309 7296  TPPWRIF - ok
11:07:36.0345 7296  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:07:36.0410 7296  TrkWks - ok
11:07:36.0447 7296  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:07:36.0483 7296  TrustedInstaller - ok
11:07:36.0488 7296  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:07:36.0529 7296  tssecsrv - ok
11:07:36.0552 7296  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:07:36.0581 7296  TsUsbFlt - ok
11:07:36.0607 7296  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:07:36.0619 7296  TsUsbGD - ok
11:07:36.0644 7296  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:07:36.0687 7296  tunnel - ok
11:07:36.0715 7296  [ A65643ED30A30E46317C0B25818BC9B7 ] TVicPort64      C:\Windows\system32\drivers\TVicPort64.sys
11:07:36.0724 7296  TVicPort64 - ok
11:07:36.0745 7296  [ 4DAAE0413CD4E816258838E2FAFB3147 ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
11:07:36.0752 7296  TVTI2C - ok
11:07:36.0767 7296  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:07:36.0777 7296  uagp35 - ok
11:07:36.0790 7296  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:07:36.0836 7296  udfs - ok
11:07:36.0858 7296  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:07:36.0879 7296  UI0Detect - ok
11:07:36.0914 7296  [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
11:07:36.0936 7296  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
11:07:36.0936 7296  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
11:07:36.0965 7296  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:07:36.0988 7296  uliagpkx - ok
11:07:37.0004 7296  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:07:37.0030 7296  umbus - ok
11:07:37.0050 7296  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:07:37.0071 7296  UmPass - ok
11:07:37.0088 7296  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:07:37.0108 7296  UmRdpService - ok
11:07:37.0228 7296  [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:07:37.0288 7296  UNS - ok
11:07:37.0305 7296  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:07:37.0351 7296  upnphost - ok
11:07:37.0381 7296  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:07:37.0411 7296  USBAAPL64 - ok
11:07:37.0478 7296  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:07:37.0515 7296  usbaudio - ok
11:07:37.0534 7296  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:07:37.0564 7296  usbccgp - ok
11:07:37.0585 7296  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:07:37.0607 7296  usbcir - ok
11:07:37.0620 7296  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:07:37.0637 7296  usbehci - ok
11:07:37.0672 7296  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:07:37.0726 7296  usbhub - ok
11:07:37.0741 7296  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:07:37.0756 7296  usbohci - ok
11:07:37.0774 7296  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:07:37.0799 7296  usbprint - ok
11:07:37.0811 7296  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:07:37.0832 7296  USBSTOR - ok
11:07:37.0844 7296  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:07:37.0862 7296  usbuhci - ok
11:07:37.0885 7296  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:07:37.0902 7296  usbvideo - ok
11:07:37.0924 7296  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:07:38.0047 7296  UxSms - ok
11:07:38.0068 7296  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:07:38.0083 7296  VaultSvc - ok
11:07:38.0099 7296  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:07:38.0109 7296  vdrvroot - ok
11:07:38.0130 7296  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:07:38.0181 7296  vds - ok
11:07:38.0186 7296  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:07:38.0199 7296  vga - ok
11:07:38.0205 7296  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:07:38.0243 7296  VgaSave - ok
11:07:38.0257 7296  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:07:38.0271 7296  vhdmp - ok
11:07:38.0279 7296  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:07:38.0288 7296  viaide - ok
11:07:38.0334 7296  [ 6DC5D9A5BBA6A858D06B7ABEFBA1A1E6 ] vidsflt58       C:\Windows\system32\DRIVERS\vsflt58.sys
11:07:38.0359 7296  vidsflt58 - ok
11:07:38.0443 7296  [ 466BBCA3EF8D7D878B87543533590C97 ] VIPAppService   C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
11:07:38.0462 7296  VIPAppService - ok
11:07:38.0478 7296  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:07:38.0492 7296  vmbus - ok
11:07:38.0495 7296  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:07:38.0514 7296  VMBusHID - ok
11:07:38.0526 7296  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:07:38.0535 7296  volmgr - ok
11:07:38.0549 7296  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:07:38.0566 7296  volmgrx - ok
11:07:38.0578 7296  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:07:38.0593 7296  volsnap - ok
11:07:38.0613 7296  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:07:38.0626 7296  vsmraid - ok
11:07:38.0677 7296  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:07:38.0788 7296  VSS - ok
11:07:38.0802 7296  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:07:38.0822 7296  vwifibus - ok
11:07:38.0836 7296  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:07:38.0859 7296  vwififlt - ok
11:07:38.0879 7296  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:07:38.0918 7296  W32Time - ok
11:07:38.0927 7296  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:07:38.0947 7296  WacomPen - ok
11:07:38.0974 7296  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:07:39.0014 7296  WANARP - ok
11:07:39.0019 7296  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:07:39.0049 7296  Wanarpv6 - ok
11:07:39.0084 7296  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:07:39.0144 7296  wbengine - ok
11:07:39.0159 7296  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:07:39.0179 7296  WbioSrvc - ok
11:07:39.0192 7296  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:07:39.0222 7296  wcncsvc - ok
11:07:39.0232 7296  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:07:39.0263 7296  WcsPlugInService - ok
11:07:39.0272 7296  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:07:39.0281 7296  Wd - ok
11:07:39.0338 7296  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:07:39.0397 7296  Wdf01000 - ok
11:07:39.0414 7296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:07:39.0514 7296  WdiServiceHost - ok
11:07:39.0521 7296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:07:39.0545 7296  WdiSystemHost - ok
11:07:39.0559 7296  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:07:39.0594 7296  WebClient - ok
11:07:39.0607 7296  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:07:39.0652 7296  Wecsvc - ok
11:07:39.0665 7296  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:07:39.0705 7296  wercplsupport - ok
11:07:39.0726 7296  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:07:39.0760 7296  WerSvc - ok
11:07:39.0792 7296  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:07:39.0839 7296  WfpLwf - ok
11:07:39.0854 7296  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:07:39.0863 7296  WIMMount - ok
11:07:39.0882 7296  WinDefend - ok
11:07:39.0885 7296  WinHttpAutoProxySvc - ok
11:07:39.0941 7296  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:07:40.0002 7296  Winmgmt - ok
11:07:40.0041 7296  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:07:40.0116 7296  WinRM - ok
11:07:40.0154 7296  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
11:07:40.0189 7296  WinUsb - ok
11:07:40.0213 7296  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:07:40.0274 7296  Wlansvc - ok
11:07:40.0296 7296  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:07:40.0307 7296  wlcrasvc - ok
11:07:40.0429 7296  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:07:40.0477 7296  wlidsvc - ok
11:07:40.0502 7296  WMCoreService - ok
11:07:40.0525 7296  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:07:40.0537 7296  WmiAcpi - ok
11:07:40.0563 7296  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:07:40.0579 7296  wmiApSrv - ok
11:07:40.0593 7296  WMPNetworkSvc - ok
11:07:40.0609 7296  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:07:40.0631 7296  WPCSvc - ok
11:07:40.0641 7296  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:07:40.0657 7296  WPDBusEnum - ok
11:07:40.0663 7296  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:07:40.0695 7296  ws2ifsl - ok
11:07:40.0714 7296  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:07:40.0739 7296  wscsvc - ok
11:07:40.0741 7296  WSearch - ok
11:07:40.0814 7296  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:07:40.0921 7296  wuauserv - ok
11:07:40.0971 7296  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:07:41.0011 7296  WudfPf - ok
11:07:41.0042 7296  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:07:41.0071 7296  WUDFRd - ok
11:07:41.0121 7296  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:07:41.0178 7296  wudfsvc - ok
11:07:41.0201 7296  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:07:41.0257 7296  WwanSvc - ok
11:07:41.0288 7296  [ AA0A3A08A501237CD5BC4CFBFB64B3D6 ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
11:07:41.0300 7296  WwanUsbServ - ok
11:07:41.0324 7296  [ 1C10730D6E08DF46FAE8FC4E92BCB744 ] XONE_DX         C:\Windows\system32\Drivers\XONE_DX.sys
11:07:41.0342 7296  XONE_DX - ok
11:07:41.0362 7296  [ 7C564053A04C9861BADB4388CF72969B ] XONE_DXM        C:\Windows\system32\drivers\XONE_DXM.sys
11:07:41.0370 7296  XONE_DXM - ok
11:07:41.0381 7296  [ A195DEA1CFA8020FFEE658158533E043 ] XONE_DX_WDM     C:\Windows\system32\drivers\XONE_DXW.sys
11:07:41.0389 7296  XONE_DX_WDM - ok
11:07:41.0408 7296  ================ Scan global ===============================
11:07:41.0431 7296  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:07:41.0480 7296  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
11:07:41.0520 7296  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
11:07:41.0538 7296  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:07:41.0553 7296  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:07:41.0556 7296  [Global] - ok
11:07:41.0556 7296  ================ Scan MBR ==================================
11:07:41.0566 7296  [ B107323CA91BADC60E0132CBE482833C ] \Device\Harddisk0\DR0
11:07:41.0920 7296  \Device\Harddisk0\DR0 - ok
11:07:41.0921 7296  ================ Scan VBR ==================================
11:07:41.0926 7296  [ E0AF8AE8DA24CB26CFB761A2737E17C3 ] \Device\Harddisk0\DR0\Partition1
11:07:41.0929 7296  \Device\Harddisk0\DR0\Partition1 - ok
11:07:41.0967 7296  [ 4A1C24F10BC5918298CB95AA5E2A64D7 ] \Device\Harddisk0\DR0\Partition2
11:07:41.0970 7296  \Device\Harddisk0\DR0\Partition2 - ok
11:07:42.0008 7296  [ EA994CE85B191DF384871A03822A554E ] \Device\Harddisk0\DR0\Partition3
11:07:42.0011 7296  \Device\Harddisk0\DR0\Partition3 - ok
11:07:42.0012 7296  ============================================================
11:07:42.0012 7296  Scan finished
11:07:42.0012 7296  ============================================================
11:07:42.0030 7816  Detected object count: 3
11:07:42.0031 7816  Actual detected object count: 3
11:07:57.0956 7816  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:57.0957 7816  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:07:57.0957 7816  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:57.0958 7816  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:07:57.0960 7816  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
11:07:57.0960 7816  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 07.02.2013, 11:19

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Mirkusmach · 07.02.2013, 11:34

okay, ich hab zwar eine Datensicherung per acronis vor Tagen gemacht aber ich weiss nicht ob die bereits befallen ist. Deshalb sichere ich jetzt einige Daten per Hand. Das kann ein wenig Übertragungszeit in Anspruch nehmen. Denke in gut einer Stunde bin ich damit durch...
Ich hoffe es geht alles trotzdem glatt und dass ich nicht den ganzen Laptop neu aufsetzten muss...

wie gesagt getan...

Log-File nach dem fixem des MBR (vor neustart):

Code:

ATTFilter

Run date: 2013-02-07 13:15:23
-----------------------------
13:15:23.614    OS Version: Windows x64 6.1.7601 Service Pack 1
13:15:23.614    Number of processors: 4 586 0x2A07
13:15:23.614    ComputerName: NB-MARKUS  UserName: markus
13:15:24.769    Initialize success
13:15:35.299    AVAST engine defs: 13020601
13:15:39.370    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:15:39.386    Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3
13:15:39.417    Disk 0 MBR read successfully
13:15:39.417    Disk 0 MBR scan
13:15:39.433    Disk 0 unknown MBR code
13:15:39.464    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
13:15:39.495    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       288043 MB offset 2459648
13:15:39.558    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16000 MB offset 592371712
13:15:39.620    Disk 0 scanning C:\Windows\system32\drivers
13:15:54.378    Service scanning
13:16:20.073    Modules scanning
13:16:20.088    Disk 0 trace - called modules:
13:16:20.135    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt58.sys ACPI.sys iaStor.sys hal.dll 
13:16:20.634    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a40060]
13:16:20.634    3 CLASSPNP.SYS[fffff88001d3943f] -> nt!IofCallDriver -> [0xfffffa80098aab30]
13:16:20.650    5 vsflt58.sys[fffff88000ebc0ed] -> nt!IofCallDriver -> [0xfffffa80074f7930]
13:16:20.650    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80074ec050]
13:16:20.666    Scan finished successfully
13:16:30.061    Verifying
13:16:40.123    Disk 0 Windows 601 MBR fixed successfully
13:19:07.063    Disk 0 MBR has been saved successfully to "C:\Users\markus\Downloads\MBR.dat"
13:19:07.063    The log file has been saved successfully to "C:\Users\markus\Downloads\aswMBR_fixed.txt"

nach dem neustart und neuer scan:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 13:22:33
-----------------------------
13:22:33.872    OS Version: Windows x64 6.1.7601 Service Pack 1
13:22:33.872    Number of processors: 4 586 0x2A07
13:22:33.872    ComputerName: NB-MARKUS  UserName: markus
13:22:37.897    Initialize success
13:22:49.566    AVAST engine defs: 13020601
13:22:56.539    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:22:56.539    Disk 0 Vendor: ST320LT0 0004 Size: 305245MB BusType: 3
13:22:56.555    Disk 0 MBR read successfully
13:22:56.555    Disk 0 MBR scan
13:22:56.570    Disk 0 Windows 7 default MBR code
13:22:56.601    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
13:22:56.633    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       288043 MB offset 2459648
13:22:56.679    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16000 MB offset 592371712
13:22:56.726    Disk 0 scanning C:\Windows\system32\drivers
13:23:19.379    Service scanning
13:23:52.851    Modules scanning
13:23:52.867    Disk 0 trace - called modules:
13:23:52.867    
13:23:52.867    Scan finished successfully
13:24:10.682    Disk 0 MBR has been saved successfully to "C:\Users\markus\Downloads\MBR.dat"
13:24:10.698    The log file has been saved successfully to "C:\Users\markus\Downloads\aswMBR_fixed_neustart.txt"

Folgendes Problem ist aufgetreten, sowohl vor dem fixen als auch danach (zu mind. nachdem ich mit adwcleaner die datei gelöscht habe):

Der computer schaltet sich automatisch ab und auf dem blue screen steht folgendes:

A problem was detected and windows has been shut down to prevent damage to your computer.
Modification of sytstem code or a critical data structure was detected.
If...usw....

Bin jetzt ein wenig überfragt da es jetzt mehrmals passiert ist. Liegt es vlt daran dass ich die datei in mozilla mit adwcleaner gelöscht habe?soll man mozilla neu installieren?

cosinus · 07.02.2013, 13:54

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Mirkusmach · 07.02.2013, 14:04

Zitat:

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Was sind Hintergrundwächter? Welche Programme/ Dienste schließen solche mit ein?

An 22 Stellen pup.loadtubes bei Scan mit MBAM gefunden

Log-Analyse und Auswertung: An 22 Stellen pup.loadtubes bei Scan mit MBAM gefunden