| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff VerweigertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.08.2014, 17:01
| #1 |
 |  Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hallo liebes Forum, ich habe Anfang letzter Woche mit merkwürdigen Symptomen auf meinem Lenovo G500s (Windows 8.1) gekämpft. Unten die Symptome und die genaue Reihenfolge deren Ablaufs: 1. Internet sehr langsam (Google hat teilweise gar nicht geladen) 2. Beim Versuch, den Browser (Firefox) neu zu starten bekam ich die Meldung, dass der Browser noch im Hintergrund läuft. 3. Versucht, mit Task Manager den entsprechenden Prozess zu beenden. Dazu bekam ich die Meldung "Zugriff verweigert". Ein Neustart des Laptops hatte auch nicht geholfen. 4. Gleiche Erfahrung mit Chrome und Explorer gemacht. Nach einigen Tagen ein System Restore mit einem Wiederherstellungspunkt durchgeführt und die Probleme scheinen erst mal nicht aufzutauchen. Ich habe dennoch Angst (eigentlich Paranoia :P ), dass ich ein sehr böses Rootkit auf meinem Rechner liegen habe. Scans mit mehreren Viren- und Malware-Scanners (Sophos, TDSSKiller, MalwareBytes usw.) haben NICHTS gefunden! Nach einer Recherche im Internet habe ich eine Prüfung mit gmer, aswMBR und MBR Master durchgeführt. Gmer und aswMBR haben ein "unknown MBR Code" im Disk 0 gefunden. Den MBR log-Datei vom mbrmaster.exe habe ich auf virustotal.com hochgeladen und prüfen lassen. Keine der 51 Scanner haben was gefunden. Ich wende mich trotzdem an Euch, da ich nicht wirklich Ahnung von diesen Themen habe. Außerdem lässt mir der Gedanke nicht los, dass es um ein sehr schlimmes Rootkit/Malware handelt, der von den gängigen Scanners nicht aufgedeckt wird. Unten die gewünschten logfiles. DEFOGGER Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:15 on 19/08/2014 (XXXXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by XXXXX (administrator) on ANUJM-PC on 19-08-2014 17:16:41
Running from C:\Users\XXXXX\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Prevx) C:\Program Files\Prevx\prevx.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Prevx) C:\Program Files\Prevx\prevx.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Atheros Communications))
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1
FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider)
R2 CSIScanner; C:\Program Files\Prevx\prevx.exe [6746280 2014-08-17] (Prevx)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-07-30] (LENOVO INCORPORATED.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 MultiKMS; C:\Windows\MultiKMS\MultiKMS.exe [1485824 2014-04-07] () [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 pxkbf; C:\Windows\System32\drivers\pxkbf.sys [24024 2014-08-17] (Prevx)
R1 pxrts; C:\Windows\System32\drivers\pxrts.sys [65736 2014-08-17] (Prevx)
R0 pxscan; C:\Windows\System32\drivers\pxscan.sys [36384 2014-08-17] (Prevx)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-05-09] (Basil Projects)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 agdcrpow; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\agdcrpow.sys [X]
U3 aswMBR; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-19 17:16 - 2014-08-19 17:16 - 00021093 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-19 17:16 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable
2014-08-19 17:14 - 2014-08-19 17:14 - 02101760 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:14 - 2014-08-19 17:14 - 00380416 _____ () C:\Users\XXXXX\Downloads\3c8f90ey.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00001846 _____ () C:\Users\XXXXX\Desktop\aswMBR-190814.txt
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 14:12 - 2014-08-19 14:12 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Desktop\DTLite4481-0347.exe
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-08-18 19:39 - 2014-08-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:24 - 2014-08-18 19:24 - 00008176 _____ () C:\Users\XXXXX\Desktop\gmerlog180814-2.log
2014-08-18 16:18 - 2014-08-18 16:18 - 00010883 _____ () C:\Users\XXXXX\Desktop\gmerlog180814.log
2014-08-18 16:02 - 2014-08-18 16:02 - 00380416 _____ () C:\Users\XXXXX\Downloads\9lds7dsb.exe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 14:30 - 2014-08-18 14:30 - 00271982 _____ () C:\Users\XXXXX\Desktop\prevx3.0 lg.log
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 21:53 - 2014-08-19 02:00 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job
2014-08-17 21:53 - 2014-08-17 22:55 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job
2014-08-17 21:53 - 2014-08-17 21:53 - 00003618 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51
2014-08-17 21:53 - 2014-08-17 21:53 - 00003536 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 21:34 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-17 21:31 - 2014-08-19 02:07 - 00000000 ____D () C:\ProgramData\PrevxCSI
2014-08-17 21:31 - 2014-08-17 21:31 - 00065736 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll
2014-08-17 21:31 - 2014-08-17 21:31 - 00036384 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxscan.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00024024 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxkbf.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\Program Files\Prevx
2014-08-17 21:30 - 2014-08-17 21:31 - 00945272 _____ (Prevx) C:\Users\XXXXX\Downloads\prevxcsifree.exe
2014-08-17 21:26 - 2014-08-17 21:28 - 113826552 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\msert.exe
2014-08-14 18:56 - 2014-08-15 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 18:56 - 2014-08-15 17:25 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:55 - 2014-08-15 17:24 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-14 18:45 - 2014-08-15 17:36 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-14 18:44 - 2014-08-14 18:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Downloads\mbar-1.07.0.1012.exe
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 18:11 - 2014-08-14 18:11 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-14 18:09 - 2014-08-14 18:10 - 11188736 _____ (SurfRight B.V.) C:\Users\XXXXX\Downloads\HitmanPro_x64.exe
2014-08-14 17:38 - 2014-08-14 17:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore7.exe.exe
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-14 15:31 - 2014-08-14 15:31 - 00003277 _____ () C:\Users\XXXXX\Desktop\Sophos Virus Removal Tool.lnk
2014-08-14 15:31 - 2014-08-14 15:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-14 15:28 - 2014-08-14 15:29 - 95874160 _____ (Sophos Limited) C:\Users\XXXXX\Downloads\Sophos Virus Removal Tool.exe
2014-08-13 18:57 - 2014-08-13 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore2.exe.exe
2014-08-13 18:56 - 2014-08-13 18:56 - 11424456 _____ (Bitdefender LLC) C:\Users\XXXXX\Downloads\iexplore455.exe.exe
2014-08-13 18:56 - 2014-08-13 18:56 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Downloads\ieplore3.exe.exe
2014-08-12 17:55 - 2014-08-19 17:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 17:55 - 2014-08-19 01:47 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 17:55 - 2014-08-19 01:45 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 23:08 - 2014-08-12 17:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 11:07 - 2014-08-07 11:07 - 06194967 _____ () C:\Users\XXXXX\Downloads\diffpdf-2.0.0-win32-static.zip
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone
2014-07-21 12:46 - 2014-07-21 12:47 - 00000000 ____D () C:\Users\XXXXX\Desktop\WSÜ Mitschriften
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-19 17:16 - 2014-08-19 17:16 - 00021093 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-19 17:16 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable
2014-08-19 17:15 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX
2014-08-19 17:14 - 2014-08-19 17:14 - 02101760 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:14 - 2014-08-19 17:14 - 00380416 _____ () C:\Users\XXXXX\Downloads\3c8f90ey.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 17:10 - 2014-02-12 20:59 - 01369614 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-19 17:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:12 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-19 16:12 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-19 16:12 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00001846 _____ () C:\Users\XXXXX\Desktop\aswMBR-190814.txt
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 14:12 - 2014-08-19 14:12 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Desktop\DTLite4481-0347.exe
2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-19 02:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-19 02:21 - 2014-02-12 22:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002
2014-08-19 02:07 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\PrevxCSI
2014-08-19 02:00 - 2014-08-17 21:53 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job
2014-08-19 01:51 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2014-08-19 01:47 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 01:46 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job
2014-08-19 01:45 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:50 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-18 19:50 - 2014-02-20 14:25 - 578802057 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-18 19:50 - 2013-11-14 00:18 - 00054838 _____ () C:\WINDOWS\PFRO.log
2014-08-18 19:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 19:50 - 2013-08-22 16:44 - 05040872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-18 19:42 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:24 - 2014-08-18 19:24 - 00008176 _____ () C:\Users\XXXXX\Desktop\gmerlog180814-2.log
2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-18 16:18 - 2014-08-18 16:18 - 00010883 _____ () C:\Users\XXXXX\Desktop\gmerlog180814.log
2014-08-18 16:02 - 2014-08-18 16:02 - 00380416 _____ () C:\Users\XXXXX\Downloads\9lds7dsb.exe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 15:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-18 14:30 - 2014-08-18 14:30 - 00271982 _____ () C:\Users\XXXXX\Desktop\prevx3.0 lg.log
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-18 10:42 - 2014-02-12 16:28 - 17130140 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-17 22:55 - 2014-08-17 21:53 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job
2014-08-17 21:53 - 2014-08-17 21:53 - 00003618 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51
2014-08-17 21:53 - 2014-08-17 21:53 - 00003536 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:53 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:31 - 2014-08-17 21:31 - 00065736 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll
2014-08-17 21:31 - 2014-08-17 21:31 - 00036384 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxscan.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00024024 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxkbf.sys
2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\Program Files\Prevx
2014-08-17 21:31 - 2014-08-17 21:30 - 00945272 _____ (Prevx) C:\Users\XXXXX\Downloads\prevxcsifree.exe
2014-08-17 21:28 - 2014-08-17 21:26 - 113826552 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\msert.exe
2014-08-15 17:36 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-15 17:36 - 2014-08-14 18:45 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-15 17:25 - 2014-08-14 18:56 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 17:24 - 2014-08-14 18:55 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA
2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag
2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2014-08-14 20:15 - 2013-08-22 16:46 - 00345788 _____ () C:\WINDOWS\setupact.log
2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 18:45 - 2014-08-14 18:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Downloads\mbar-1.07.0.1012.exe
2014-08-14 18:45 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 18:11 - 2014-08-14 18:11 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-14 18:10 - 2014-08-14 18:09 - 11188736 _____ (SurfRight B.V.) C:\Users\XXXXX\Downloads\HitmanPro_x64.exe
2014-08-14 17:38 - 2014-08-14 17:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore7.exe.exe
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-14 15:31 - 2014-08-14 15:31 - 00003277 _____ () C:\Users\XXXXX\Desktop\Sophos Virus Removal Tool.lnk
2014-08-14 15:31 - 2014-08-14 15:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-08-14 15:31 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-14 15:31 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-14 15:29 - 2014-08-14 15:28 - 95874160 _____ (Sophos Limited) C:\Users\XXXXX\Downloads\Sophos Virus Removal Tool.exe
2014-08-14 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-14 14:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-13 18:57 - 2014-08-13 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore2.exe.exe
2014-08-13 18:56 - 2014-08-13 18:56 - 11424456 _____ (Bitdefender LLC) C:\Users\XXXXX\Downloads\iexplore455.exe.exe
2014-08-13 18:56 - 2014-08-13 18:56 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Downloads\ieplore3.exe.exe
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-12 17:51 - 2014-08-10 23:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone
2014-08-12 17:49 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 17:49 - 2014-05-09 01:39 - 00000000 ____D () C:\Program Files\KMSpico
2014-08-12 17:49 - 2014-04-06 23:52 - 00000000 ____D () C:\Microsoft Office 2013 Pro
2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-08-12 17:49 - 2014-02-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
2014-08-12 17:42 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-10 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:33 - 2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 11:07 - 2014-08-07 11:07 - 06194967 _____ () C:\Users\XXXXX\Downloads\diffpdf-2.0.0-win32-static.zip
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 12:15 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
2014-07-25 16:52 - 2014-08-17 21:45 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-17 21:45 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-17 21:45 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-17 21:45 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-17 21:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-17 21:45 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-17 21:45 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-17 21:45 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-17 21:45 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-17 21:45 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-17 21:45 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 21:45 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-17 21:45 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-17 21:45 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-17 21:45 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-17 21:45 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-17 21:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-17 21:45 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-17 21:45 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 21:45 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-17 21:45 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-17 21:45 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-17 21:45 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-17 21:45 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-17 21:45 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-17 21:45 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 21:45 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-17 21:45 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-23 16:55 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
2014-07-21 12:47 - 2014-07-21 12:46 - 00000000 ____D () C:\Users\XXXXX\Desktop\WSÜ Mitschriften
Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\pvxinst156.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst437.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst687.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-13 17:38
==================== End Of Log ============================
ADDITION FARBAR Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by XXXXX at 2014-08-19 17:17:14
Running from C:\Users\XXXXX\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.26.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Prevx (HKLM\...\PCSI) (Version: 3.0.5.220 - Prevx)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
01-08-2014 14:27:54 Geplanter Prüfpunkt
08-08-2014 12:30:41 Installed Eraser 6.0.10.2620
12-08-2014 15:37:19 Wiederherstellungsvorgang
14-08-2014 13:30:46 Installed Sophos Virus Removal Tool.
17-08-2014 22:42:09 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {391D0077-966F-4BEF-B68D-1E4D857A875F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BD487AE-FC9C-4F26-92D2-0A67C0725EC4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-07-30] ()
Task: {3CB0FAEC-D259-4BDF-B6D4-383FF78D23D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {43F97815-8A20-48CE-A00A-9CCEF619723C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {469C82F6-72E7-461E-A9C8-754F9689FD1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D4957F7-B946-4651-9F2A-D7A1F490AA08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {CB7B7990-0448-41F6-840D-3A8AEDDDB87F} - System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Loaded Modules (whitelisted) =============
2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-05-16 03:46 - 2013-05-16 03:46 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-16 03:43 - 2013-05-16 03:43 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-16 04:09 - 2013-05-16 04:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-18 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-18 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-18 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-05-26 23:59 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (08/18/2014 07:50:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xffffe00036200040, 0xffffd00166fdb950)C:\WINDOWS\MEMORY.DMP081814-31546-01
Error: (08/18/2014 07:50:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.08.2014 um 19:30:00 unerwartet heruntergefahren.
Error: (08/18/2014 04:52:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.08.2014 um 16:32:49 unerwartet heruntergefahren.
Error: (08/18/2014 10:42:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "CSIScanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/18/2014 10:40:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MultiKMS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/18/2014 00:20:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/17/2014 10:55:05 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/17/2014 10:54:52 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/17/2014 10:54:41 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/17/2014 10:54:36 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 3993.77 MB
Available physical RAM: 1772.49 MB
Total Pagefile: 12697.77 MB
Available Pagefile: 10626.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:798.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-19 17:24:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: 7kdbwp1l.exe; Driver: C:\Users\XXXXX~1\AppData\Local\Temp\agdcrpow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600018b300 15 bytes [00, F7, F7, 01, 80, D7, 70, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600018b310 11 bytes [00, 99, FC, FF, 00, C1, C3, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffda3d128c0 7 bytes JMP 00007ffea3140260
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffda3d143d8 7 bytes JMP 00007ffea3140298
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffda3dc1f20 7 bytes JMP 00007ffea3140308
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffda3dc40b4 7 bytes JMP 00007ffea3140340
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffda3dc4510 7 bytes JMP 00007ffea31402d0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffda3decea0 7 bytes JMP 00007ffea31401f0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffda3decf10 7 bytes JMP 00007ffea3140228
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffda3152300 7 bytes JMP 00007ffea31400d8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffda3155770 5 bytes JMP 00007ffea3140180
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffda3155860 5 bytes JMP 00007ffea3140148
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffda3155a30 5 bytes JMP 00007ffea3140110
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffda31ca3f0 5 bytes JMP 00007ffea31401b8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffda56db6f4 10 bytes JMP 00007ffea3140420
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffda56e45d8 5 bytes JMP 00007ffea31403e8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffda56e4750 9 bytes JMP 00007ffea3140378
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffda56f4fc0 5 bytes JMP 00007ffea31403b0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffda56f5cb0 5 bytes JMP 00007ffea3140458
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffda3311500 1 byte JMP 00007ffea3140490
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffda3311502 6 bytes {JMP 0xffffffffffe2ef90}
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffda3311750 8 bytes JMP 00007ffea31404c8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffd9fcc7a88 5 bytes JMP 00007ffe9fb70110
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffd9fcd4990 5 bytes JMP 00007ffe9fb700d8
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd92ed1f6a 4 bytes [ED, 92, FD, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd92ed1f82 4 bytes [ED, 92, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [708:732] fffff9600097cb90
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5736:6596] 00000000002afc29
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5736:6500] 00000000002b4950
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
MBRMaster und VirusTotal Code:
ATTFilter Detected Windows version: 6.2 Build 9200
Installing direct disk access driver ...
Driver connection handle: 0x00000164
1 valid drive(s) found.
Details for Disk 0 - ST1000LM014-SSHD-8GB Rev LVD3:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 121601/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194
SHA256: 59a3cfd201f5dd6ed71c37469b0dce020dea3d36e838f54c5ce811ecf678bfd6
https://www.virustotal.com/de/file/59a3cfd201f5dd6ed71c37469b0dce020dea3d36e838f54c5ce811ecf678bfd6/analysis/1408457412/
Freundlichen Gruß |
|
19.08.2014, 17:21
| #2 |
| /// the machine /// TB-Ausbilder    | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
19.08.2014, 20:31
| #3 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hallo schrauber,
__________________vielen Dank für die schnelle Rückmeldung. Ich habe den Scan wie vorgeschrieben durchgeführt. Das erste Mal hat der Scan nichts erkannt; da war noch mein WLAN-Anschluss an. Ich habe die Verbindung abgebrochen und einen zweiten Scan durchgeführt und gleich mehrere Threats erkannt bekommen. Manche von denen scheinen aber den originalen Lenovo Treibern zu gehören. Hab das Logfile wieder als Anhang beifügen müssen, weil es zu lang war. |
|
20.08.2014, 10:56
| #4 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.08.2014, 12:17
| #5 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hi ok, hier das Logfile vom TDSSKiller Code:
ATTFilter 21:12:28.0486 0x1738 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:12:28.0486 0x1738 UEFI system
21:12:32.0455 0x1738 ============================================================
21:12:32.0455 0x1738 Current date / time: 2014/08/19 21:12:32.0455
21:12:32.0455 0x1738 SystemInfo:
21:12:32.0455 0x1738
21:12:32.0455 0x1738 OS Version: 6.3.9600 ServicePack: 0.0
21:12:32.0455 0x1738 Product type: Workstation
21:12:32.0455 0x1738 ComputerName: XXXXX-PC
21:12:32.0455 0x1738 UserName: XXXXX
21:12:32.0455 0x1738 Windows directory: C:\WINDOWS
21:12:32.0455 0x1738 System windows directory: C:\WINDOWS
21:12:32.0455 0x1738 Running under WOW64
21:12:32.0455 0x1738 Processor architecture: Intel x64
21:12:32.0455 0x1738 Number of processors: 4
21:12:32.0455 0x1738 Page size: 0x1000
21:12:32.0455 0x1738 Boot type: Normal boot
21:12:32.0455 0x1738 ============================================================
21:12:32.0658 0x1738 KLMD registered as C:\WINDOWS\system32\drivers\33626478.sys
21:12:32.0893 0x1738 System UUID: {639D57C1-E7EA-EAF2-705A-75749B2F32D0}
21:12:33.0440 0x1738 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:12:33.0440 0x1738 ============================================================
21:12:33.0440 0x1738 \Device\Harddisk0\DR0:
21:12:33.0440 0x1738 GPT partitions:
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {8A0311B3-F4D6-4697-A51F-72F2460741D0}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3A74153C-95F8-45BB-BED4-719B2EC354C0}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {3898826E-15D8-4978-B1C0-06981408C708}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B75AA720-7A75-4246-B929-66B29FD22F6C}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {66FFDC7E-31E1-47AC-9D69-D57638F27E01}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x6F778000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {276DFE80-3A76-4918-A694-1A3AEE819AB9}, Name: , StartLBA 0x6FC22800, BlocksNum 0xAF000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F6FD1A1E-6030-47B8-8454-E84E2942FEF7}, Name: Basic data partition, StartLBA 0x6FCD1800, BlocksNum 0x3200000
21:12:33.0440 0x1738 \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3F535BC9-16B6-463E-A6F1-09B0D3B53843}, Name: Basic data partition, StartLBA 0x72ED1800, BlocksNum 0x1835000
21:12:33.0440 0x1738 MBR partitions:
21:12:33.0440 0x1738 ============================================================
21:12:33.0455 0x1738 C: <-> \Device\Harddisk0\DR0\Partition5
21:12:33.0455 0x1738 D: <-> \Device\Harddisk0\DR0\Partition7
21:12:33.0455 0x1738 ============================================================
21:12:33.0455 0x1738 Initialize success
21:12:33.0455 0x1738 ============================================================
21:12:41.0346 0x0ef4 ============================================================
21:12:41.0346 0x0ef4 Scan started
21:12:41.0346 0x0ef4 Mode: Manual; SigCheck; TDLFS;
21:12:41.0346 0x0ef4 ============================================================
21:12:41.0346 0x0ef4 KSN ping started
21:12:41.0362 0x0ef4 KSN ping finished: false
21:12:41.0706 0x0ef4 ================ Scan system memory ========================
21:12:41.0706 0x0ef4 System memory - ok
21:12:41.0706 0x0ef4 ================ Scan services =============================
21:12:41.0721 0x0ef4 [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:12:41.0784 0x0ef4 !SASCORE - ok
21:12:43.0612 0x0ef4 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
21:12:43.0659 0x0ef4 1394ohci - ok
21:12:43.0674 0x0ef4 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
21:12:43.0706 0x0ef4 3ware - ok
21:12:43.0737 0x0ef4 [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
21:12:43.0784 0x0ef4 ACPI - ok
21:12:43.0799 0x0ef4 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
21:12:43.0815 0x0ef4 acpiex - ok
21:12:43.0815 0x0ef4 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
21:12:43.0846 0x0ef4 acpipagr - ok
21:12:43.0846 0x0ef4 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
21:12:43.0862 0x0ef4 AcpiPmi - ok
21:12:43.0878 0x0ef4 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
21:12:43.0893 0x0ef4 acpitime - ok
21:12:43.0893 0x0ef4 [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys
21:12:43.0924 0x0ef4 ACPIVPC - ok
21:12:43.0940 0x0ef4 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:12:43.0987 0x0ef4 AdobeARMservice - ok
21:12:44.0003 0x0ef4 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
21:12:44.0065 0x0ef4 ADP80XX - ok
21:12:44.0081 0x0ef4 [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
21:12:44.0096 0x0ef4 AeLookupSvc - ok
21:12:44.0128 0x0ef4 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
21:12:44.0159 0x0ef4 AFD - ok
21:12:44.0174 0x0ef4 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
21:12:44.0190 0x0ef4 agp440 - ok
21:12:44.0190 0x0ef4 [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
21:12:44.0221 0x0ef4 ahcache - ok
21:12:44.0221 0x0ef4 [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG C:\WINDOWS\System32\alg.exe
21:12:44.0253 0x0ef4 ALG - ok
21:12:44.0268 0x0ef4 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
21:12:44.0299 0x0ef4 AmdK8 - ok
21:12:44.0299 0x0ef4 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
21:12:44.0331 0x0ef4 AmdPPM - ok
21:12:44.0378 0x0ef4 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
21:12:44.0409 0x0ef4 amdsata - ok
21:12:44.0424 0x0ef4 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
21:12:44.0456 0x0ef4 amdsbs - ok
21:12:44.0471 0x0ef4 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
21:12:44.0487 0x0ef4 amdxata - ok
21:12:44.0487 0x0ef4 [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID C:\WINDOWS\system32\drivers\appid.sys
21:12:44.0518 0x0ef4 AppID - ok
21:12:44.0518 0x0ef4 [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
21:12:44.0534 0x0ef4 AppIDSvc - ok
21:12:44.0549 0x0ef4 [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo C:\WINDOWS\System32\appinfo.dll
21:12:44.0565 0x0ef4 Appinfo - ok
21:12:44.0596 0x0ef4 [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
21:12:44.0643 0x0ef4 AppReadiness - ok
21:12:44.0674 0x0ef4 [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
21:12:44.0737 0x0ef4 AppXSvc - ok
21:12:44.0753 0x0ef4 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
21:12:44.0768 0x0ef4 arcsas - ok
21:12:44.0784 0x0ef4 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
21:12:44.0799 0x0ef4 atapi - ok
21:12:44.0815 0x0ef4 [ 427A6D1397E826B370D025EE73A50E6E, FC8BAB3AA95B55D59B8DF9F97C87D1F3CEAB609A3E6C8BD576F3BF9047C6A120 ] AthBTPort C:\WINDOWS\system32\DRIVERS\btath_flt.sys
21:12:44.0846 0x0ef4 AthBTPort - ok
21:12:44.0878 0x0ef4 [ BA64A277FC89FA49B2DC4B1D11C4CBEE, 08455911717C8B281470B5FE5A75D51B5115F0177B593D9D7F9A06113735B946 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:12:44.0909 0x0ef4 AtherosSvc - ok
21:12:45.0081 0x0ef4 [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr C:\WINDOWS\system32\DRIVERS\athw8x.sys
21:12:45.0206 0x0ef4 athr - ok
21:12:45.0237 0x0ef4 [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
21:12:45.0268 0x0ef4 AudioEndpointBuilder - ok
21:12:45.0299 0x0ef4 [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
21:12:45.0346 0x0ef4 Audiosrv - ok
21:12:45.0362 0x0ef4 [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
21:12:45.0378 0x0ef4 AxInstSV - ok
21:12:45.0409 0x0ef4 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
21:12:45.0440 0x0ef4 b06bdrv - ok
21:12:45.0440 0x0ef4 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
21:12:45.0471 0x0ef4 BasicDisplay - ok
21:12:45.0471 0x0ef4 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
21:12:45.0487 0x0ef4 BasicRender - ok
21:12:45.0503 0x0ef4 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
21:12:45.0518 0x0ef4 bcmfn2 - ok
21:12:45.0534 0x0ef4 [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
21:12:45.0565 0x0ef4 BDESVC - ok
21:12:45.0565 0x0ef4 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:12:45.0581 0x0ef4 Beep - ok
21:12:45.0612 0x0ef4 [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE C:\WINDOWS\System32\bfe.dll
21:12:45.0659 0x0ef4 BFE - ok
21:12:45.0706 0x0ef4 [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS C:\WINDOWS\System32\qmgr.dll
21:12:45.0753 0x0ef4 BITS - ok
21:12:45.0768 0x0ef4 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
21:12:45.0784 0x0ef4 bowser - ok
21:12:45.0800 0x0ef4 [ F2559A492AF8D653D1F47ADABA4C3E97, 77347915FB433023769699DFC9511F54E69C7FC7AB75F57FDC1A58E64A7126DE ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
21:12:45.0831 0x0ef4 BrokerInfrastructure - ok
21:12:45.0831 0x0ef4 [ D528D6A92D187777691993DD757AF19A, 2C79978310193431E5FC462368424A172858D5351C92D4815C2A7E35B5DDE50C ] Browser C:\WINDOWS\System32\browser.dll
21:12:45.0862 0x0ef4 Browser - ok
21:12:45.0878 0x0ef4 [ E9B6AC24CB3737D2F93C05590B4A9048, 7CFDF93947925EDF6D6C0AD9E3A31AF098E8F8574AFCD8C7B3242E29A1F38CDD ] BTATH_A2DP C:\WINDOWS\system32\drivers\btath_a2dp.sys
21:12:45.0909 0x0ef4 BTATH_A2DP - ok
21:12:45.0909 0x0ef4 [ 2BD94FC9AB890A7A7CEF81E5F1A2D421, 0B572D0F6558CA37164A15A8D9DF13160BBF6DA119B8E92436B3DCFA19361E31 ] btath_avdt C:\WINDOWS\system32\drivers\btath_avdt.sys
21:12:45.0925 0x0ef4 btath_avdt - ok
21:12:45.0940 0x0ef4 [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP C:\WINDOWS\System32\drivers\btath_hcrp.sys
21:12:45.0971 0x0ef4 BTATH_HCRP - ok
21:12:45.0971 0x0ef4 [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys
21:12:45.0987 0x0ef4 BTATH_LWFLT - ok
21:12:46.0003 0x0ef4 [ 31EC5FC3FC5CB273F2709AAF4AD88ED4, 804401CEBBB24443AE0A304FCF5CB6B0D7679BA7FC5DC3BFF968B0B44FE34EC1 ] BTATH_RCP C:\WINDOWS\System32\drivers\btath_rcp.sys
21:12:46.0018 0x0ef4 BTATH_RCP - ok
21:12:46.0050 0x0ef4 [ 239A81CC18170F3369D389DA65E74342, 5E26976176A6651B149784B1ED86ECCA133B7755EBB8B04361A8DDB705767AA3 ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys
21:12:46.0081 0x0ef4 BtFilter - ok
21:12:46.0081 0x0ef4 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
21:12:46.0112 0x0ef4 BthAvrcpTg - ok
21:12:46.0112 0x0ef4 [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
21:12:46.0128 0x0ef4 BthEnum - ok
21:12:46.0143 0x0ef4 [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
21:12:46.0159 0x0ef4 BthHFEnum - ok
21:12:46.0159 0x0ef4 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
21:12:46.0190 0x0ef4 bthhfhid - ok
21:12:46.0206 0x0ef4 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\System32\drivers\BthLEEnum.sys
21:12:46.0237 0x0ef4 BthLEEnum - ok
21:12:46.0237 0x0ef4 [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
21:12:46.0253 0x0ef4 BTHMODEM - ok
21:12:46.0268 0x0ef4 [ 3AFE71D80EDF5D4DE0C5731352905669, 3E370169B8C5D301954D1F1DA302F7A0DB2A034990E10B3D64458C48E5693205 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:12:46.0284 0x0ef4 BthPan - ok
21:12:46.0346 0x0ef4 [ 92370F46AF28D54B67C135FA8C2AFCFC, B1C0DBF27D392DEA8786AB9479C6CCD5A5DBDF3BE25ABA5FC7C6DB6D3EEE739B ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
21:12:46.0393 0x0ef4 BTHPORT - ok
21:12:46.0409 0x0ef4 [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv C:\WINDOWS\system32\bthserv.dll
21:12:46.0425 0x0ef4 bthserv - ok
21:12:46.0440 0x0ef4 [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
21:12:46.0471 0x0ef4 BTHUSB - ok
21:12:46.0471 0x0ef4 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
21:12:46.0487 0x0ef4 cdfs - ok
21:12:46.0503 0x0ef4 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
21:12:46.0534 0x0ef4 cdrom - ok
21:12:46.0534 0x0ef4 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
21:12:46.0565 0x0ef4 CertPropSvc - ok
21:12:46.0565 0x0ef4 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
21:12:46.0596 0x0ef4 circlass - ok
21:12:46.0612 0x0ef4 [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
21:12:46.0643 0x0ef4 CLFS - ok
21:12:46.0659 0x0ef4 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
21:12:46.0675 0x0ef4 CmBatt - ok
21:12:46.0690 0x0ef4 [ 1CD3A907D64D08F49208DA00B69BF35E, ABBD70FFCA0DE2274D855AFC08BF7BC0AA6D44EFC9FDBF7DF44B73CD5C210E28 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
21:12:46.0737 0x0ef4 CNG - ok
21:12:46.0800 0x0ef4 [ 91C3294F26B430FD84215C50849CC055, DBFF561A1D874654FAEA4621A94180B5CE26F82E3D173FF361357BEC68D31B47 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
21:12:46.0878 0x0ef4 CnxtHdAudService - ok
21:12:46.0878 0x0ef4 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
21:12:46.0909 0x0ef4 CompositeBus - ok
21:12:46.0909 0x0ef4 COMSysApp - ok
21:12:46.0909 0x0ef4 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
21:12:46.0940 0x0ef4 condrv - ok
21:12:47.0018 0x0ef4 [ 3AB8D5A07C09FFBCAB55F2482434A2E0, 7E8EDD8FF76FFD52F614889750DE99DB34215480764BFF1C018126A253221D50 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:12:47.0081 0x0ef4 cphs - ok
21:12:47.0081 0x0ef4 [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
21:12:47.0112 0x0ef4 CryptSvc - ok
21:12:47.0331 0x0ef4 [ 5131D2469B6B19DC20B446EBE43EBB79, 1DA8049838844B9E8F5F307DA3CB41F8AA9AB9689022485ABD068554BB47F3E9 ] CSIScanner C:\Program Files\Prevx\prevx.exe
21:12:47.0862 0x0ef4 CSIScanner - ok
21:12:47.0878 0x0ef4 [ 0BF56545D2E82A48579A633DC65B9494, 2BB6C682A46FB8BAF0AB9ACB3C6BEE1F20A4BB2910676BB08FEA506A47D76A57 ] CxAudMsg C:\WINDOWS\system32\CxAudMsg64.exe
21:12:47.0909 0x0ef4 CxAudMsg - ok
21:12:47.0909 0x0ef4 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
21:12:47.0925 0x0ef4 dam - ok
21:12:47.0956 0x0ef4 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:12:48.0003 0x0ef4 DcomLaunch - ok
21:12:48.0034 0x0ef4 [ AF3FF97AC2A73E70F8A8D11FB694175B, 3AA25BF9DED08056F52ACF246118C13C8816B5E8AA4D8606DB7DAB4E4E6A9169 ] defragsvc C:\WINDOWS\System32\defragsvc.dll
21:12:48.0065 0x0ef4 defragsvc - ok
21:12:48.0081 0x0ef4 [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll
21:12:48.0112 0x0ef4 DeviceAssociationService - ok
21:12:48.0128 0x0ef4 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
21:12:48.0159 0x0ef4 DeviceInstall - ok
21:12:48.0159 0x0ef4 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
21:12:48.0190 0x0ef4 Dfsc - ok
21:12:48.0206 0x0ef4 [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
21:12:48.0237 0x0ef4 Dhcp - ok
21:12:48.0253 0x0ef4 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
21:12:48.0268 0x0ef4 disk - ok
21:12:48.0268 0x0ef4 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
21:12:48.0284 0x0ef4 dmvsc - ok
21:12:48.0300 0x0ef4 [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:12:48.0331 0x0ef4 Dnscache - ok
21:12:48.0347 0x0ef4 [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc C:\WINDOWS\System32\dot3svc.dll
21:12:48.0393 0x0ef4 dot3svc - ok
21:12:48.0409 0x0ef4 [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS C:\WINDOWS\system32\dps.dll
21:12:48.0440 0x0ef4 DPS - ok
21:12:48.0440 0x0ef4 [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:12:48.0456 0x0ef4 drmkaud - ok
21:12:48.0472 0x0ef4 [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
21:12:48.0503 0x0ef4 DsmSvc - ok
21:12:48.0518 0x0ef4 [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\WINDOWS\System32\drivers\dtsoftbus01.sys
21:12:48.0534 0x0ef4 dtsoftbus01 - ok
21:12:48.0597 0x0ef4 [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
21:12:48.0675 0x0ef4 DXGKrnl - ok
21:12:48.0690 0x0ef4 [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost C:\WINDOWS\System32\eapsvc.dll
21:12:48.0722 0x0ef4 Eaphost - ok
21:12:48.0847 0x0ef4 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
21:12:48.0987 0x0ef4 ebdrv - ok
21:12:48.0987 0x0ef4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS C:\WINDOWS\System32\lsass.exe
21:12:49.0018 0x0ef4 EFS - ok
21:12:49.0018 0x0ef4 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
21:12:49.0034 0x0ef4 EhStorClass - ok
21:12:49.0050 0x0ef4 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
21:12:49.0065 0x0ef4 EhStorTcgDrv - ok
21:12:49.0081 0x0ef4 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
21:12:49.0097 0x0ef4 ErrDev - ok
21:12:49.0112 0x0ef4 [ 9CBBFB1953562BCAE1B1F351F17E32D8, D6118C5F782262916D2481BAEE25017123953F66D550BF29CCA4258FF6C3BC2D ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys
21:12:49.0143 0x0ef4 ETD - ok
21:12:49.0159 0x0ef4 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem C:\WINDOWS\system32\es.dll
21:12:49.0206 0x0ef4 EventSystem - ok
21:12:49.0206 0x0ef4 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
21:12:49.0237 0x0ef4 exfat - ok
21:12:49.0253 0x0ef4 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
21:12:49.0284 0x0ef4 fastfat - ok
21:12:49.0300 0x0ef4 [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:12:49.0347 0x0ef4 Fax - ok
21:12:49.0347 0x0ef4 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
21:12:49.0362 0x0ef4 fdc - ok
21:12:49.0378 0x0ef4 [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost C:\WINDOWS\system32\fdPHost.dll
21:12:49.0393 0x0ef4 fdPHost - ok
21:12:49.0409 0x0ef4 [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub C:\WINDOWS\system32\fdrespub.dll
21:12:49.0425 0x0ef4 FDResPub - ok
21:12:49.0440 0x0ef4 [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc C:\WINDOWS\system32\fhsvc.dll
21:12:49.0456 0x0ef4 fhsvc - ok
21:12:49.0472 0x0ef4 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
21:12:49.0487 0x0ef4 FileInfo - ok
21:12:49.0503 0x0ef4 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
21:12:49.0518 0x0ef4 Filetrace - ok
21:12:49.0534 0x0ef4 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
21:12:49.0550 0x0ef4 flpydisk - ok
21:12:49.0565 0x0ef4 [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:12:49.0597 0x0ef4 FltMgr - ok
21:12:49.0643 0x0ef4 [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\WINDOWS\system32\FntCache.dll
21:12:49.0706 0x0ef4 FontCache - ok
21:12:49.0706 0x0ef4 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:12:49.0753 0x0ef4 FontCache3.0.0.0 - ok
21:12:49.0768 0x0ef4 [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
21:12:49.0784 0x0ef4 FsDepends - ok
21:12:49.0784 0x0ef4 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:12:49.0800 0x0ef4 Fs_Rec - ok
21:12:49.0831 0x0ef4 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
21:12:49.0893 0x0ef4 fvevol - ok
21:12:49.0893 0x0ef4 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
21:12:49.0925 0x0ef4 FxPPM - ok
21:12:49.0925 0x0ef4 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
21:12:49.0940 0x0ef4 gagp30kx - ok
21:12:49.0956 0x0ef4 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
21:12:49.0972 0x0ef4 gencounter - ok
21:12:49.0972 0x0ef4 [ EF3AE7773394DF49CE74AF78A1C8D23D, CB12FF004C460A89F12AFF2467512B479A07CA10D4280CD4E624A5A9CDAB9C1B ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
21:12:50.0003 0x0ef4 GPIOClx0101 - ok
21:12:50.0050 0x0ef4 [ 383DA813409316D69603C1D849834D24, E1AAD3AB567457B00B8A378D5BA37ED653EE451FF79D071A8815FB8B1EB90DAF ] gpsvc C:\WINDOWS\System32\gpsvc.dll
21:12:50.0097 0x0ef4 gpsvc - ok
21:12:50.0112 0x0ef4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:12:50.0159 0x0ef4 gupdate - ok
21:12:50.0175 0x0ef4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:12:50.0222 0x0ef4 gupdatem - ok
21:12:50.0253 0x0ef4 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
21:12:50.0284 0x0ef4 HdAudAddService - ok
21:12:50.0284 0x0ef4 [ 498288DD5CA42C2D36D125893E968C53, 03B62FA51F9195D77170DCEFF3A93A6898AA96FB610044DDAE83767DA12745C5 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
21:12:50.0315 0x0ef4 HDAudBus - ok
21:12:50.0331 0x0ef4 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
21:12:50.0362 0x0ef4 HidBatt - ok
21:12:50.0362 0x0ef4 [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
21:12:50.0409 0x0ef4 HidBth - ok
21:12:50.0409 0x0ef4 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
21:12:50.0440 0x0ef4 hidi2c - ok
21:12:50.0456 0x0ef4 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
21:12:50.0472 0x0ef4 HidIr - ok
21:12:50.0487 0x0ef4 [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\WINDOWS\system32\hidserv.dll
21:12:50.0503 0x0ef4 hidserv - ok
21:12:50.0518 0x0ef4 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
21:12:50.0534 0x0ef4 HidUsb - ok
21:12:50.0550 0x0ef4 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
21:12:50.0565 0x0ef4 hkmsvc - ok
21:12:50.0581 0x0ef4 [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
21:12:50.0612 0x0ef4 HomeGroupListener - ok
21:12:50.0644 0x0ef4 [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
21:12:50.0675 0x0ef4 HomeGroupProvider - ok
21:12:50.0690 0x0ef4 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
21:12:50.0706 0x0ef4 HpSAMD - ok
21:12:50.0753 0x0ef4 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
21:12:50.0815 0x0ef4 HTTP - ok
21:12:50.0831 0x0ef4 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
21:12:50.0847 0x0ef4 hwpolicy - ok
21:12:50.0862 0x0ef4 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
21:12:50.0878 0x0ef4 hyperkbd - ok
21:12:50.0894 0x0ef4 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
21:12:50.0909 0x0ef4 HyperVideo - ok
21:12:50.0925 0x0ef4 [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
21:12:50.0940 0x0ef4 i8042prt - ok
21:12:50.0956 0x0ef4 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
21:12:50.0972 0x0ef4 iaLPSSi_GPIO - ok
21:12:50.0987 0x0ef4 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
21:12:51.0003 0x0ef4 iaLPSSi_I2C - ok
21:12:51.0034 0x0ef4 [ FA4C48E36F0B24E7E33D3E7E1844B9C9, F61F448B8E305DEFDDA5D4A6FC4E57C798C11ED4DA0ACB885847DC8A9A7B4E98 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
21:12:51.0081 0x0ef4 iaStorA - ok
21:12:51.0112 0x0ef4 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
21:12:51.0159 0x0ef4 iaStorAV - ok
21:12:51.0175 0x0ef4 [ D5854F77CEEAFC5A8405F8ECCBEC09DF, 06D94EAF55787F807FB40E95011E90B0A719AC1A1529C2C110C1EABC5BE02C5B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:12:51.0206 0x0ef4 IAStorDataMgrSvc - ok
21:12:51.0222 0x0ef4 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
21:12:51.0269 0x0ef4 iaStorV - ok
21:12:51.0269 0x0ef4 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
21:12:51.0315 0x0ef4 ICCS - ok
21:12:51.0331 0x0ef4 IEEtwCollectorService - ok
21:12:51.0534 0x0ef4 [ 0245CD3AE14CACF6E2503C42019431D7, 87D2E1ACD3CC0B1C3F713EB5E0C6C510B386EC142AC7554B2043396305626C96 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
21:12:51.0706 0x0ef4 igfx - ok
21:12:51.0753 0x0ef4 [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT C:\WINDOWS\System32\ikeext.dll
21:12:51.0815 0x0ef4 IKEEXT - ok
21:12:51.0831 0x0ef4 [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
21:12:51.0847 0x0ef4 intaud_WaveExtensible - ok
21:12:51.0862 0x0ef4 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
21:12:51.0878 0x0ef4 IntcDAud - ok
21:12:51.0909 0x0ef4 [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:12:51.0956 0x0ef4 Intel(R) Capability Licensing Service Interface - ok
21:12:51.0956 0x0ef4 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
21:12:51.0972 0x0ef4 intelide - ok
21:12:51.0987 0x0ef4 [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
21:12:52.0003 0x0ef4 intelpep - ok
21:12:52.0003 0x0ef4 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
21:12:52.0034 0x0ef4 intelppm - ok
21:12:52.0065 0x0ef4 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:12:52.0081 0x0ef4 IpFilterDriver - ok
21:12:52.0112 0x0ef4 [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
21:12:52.0159 0x0ef4 iphlpsvc - ok
21:12:52.0175 0x0ef4 [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
21:12:52.0206 0x0ef4 IPMIDRV - ok
21:12:52.0222 0x0ef4 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
21:12:52.0253 0x0ef4 IPNAT - ok
21:12:52.0269 0x0ef4 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
21:12:52.0300 0x0ef4 IRENUM - ok
21:12:52.0315 0x0ef4 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
21:12:52.0331 0x0ef4 isapnp - ok
21:12:52.0347 0x0ef4 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
21:12:52.0378 0x0ef4 iScsiPrt - ok
21:12:52.0394 0x0ef4 [ C2BC9AC9C6514230A481BDCA6A24BEFD, 84E41675D11EF2EEECED23C8469503C8D12810A2C6B6743D7AA322EB6DF7E68D ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
21:12:52.0409 0x0ef4 iwdbus - ok
21:12:52.0425 0x0ef4 [ B2AAF45E83CAFA49A34EB2F2D6D7609C, 1AE9FEE38D295F485165F2BA53F2D7CED5D9845D98F9EAC23ABF2244D3CB1D96 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:12:52.0472 0x0ef4 jhi_service - ok
21:12:52.0487 0x0ef4 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
21:12:52.0503 0x0ef4 kbdclass - ok
21:12:52.0519 0x0ef4 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
21:12:52.0534 0x0ef4 kbdhid - ok
21:12:52.0534 0x0ef4 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
21:12:52.0565 0x0ef4 kdnic - ok
21:12:52.0565 0x0ef4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\WINDOWS\system32\lsass.exe
21:12:52.0581 0x0ef4 KeyIso - ok
21:12:52.0597 0x0ef4 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
21:12:52.0612 0x0ef4 KSecDD - ok
21:12:52.0628 0x0ef4 [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:12:52.0644 0x0ef4 KSecPkg - ok
21:12:52.0659 0x0ef4 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
21:12:52.0675 0x0ef4 ksthunk - ok
21:12:52.0706 0x0ef4 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
21:12:52.0737 0x0ef4 KtmRm - ok
21:12:52.0753 0x0ef4 [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
21:12:52.0769 0x0ef4 L1C - ok
21:12:52.0784 0x0ef4 [ 46378ECCB4A29AA81BF296641C2501EF, 5AB79BD824C00EF1338FDB8450692318AB14E0AE4145C30B37136767DFC1E4F9 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
21:12:52.0815 0x0ef4 LanmanServer - ok
21:12:52.0831 0x0ef4 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:12:52.0862 0x0ef4 LanmanWorkstation - ok
21:12:52.0878 0x0ef4 [ B273F34CC899403596C5C8743A24FD78, 2BB026275DB2D92282BC3DFAE06F21EB49408F105060E2D00EC0F640460404BE ] Lenovo System Agent Service C:\Program Files\Lenovo\iMController\SystemAgentService.exe
21:12:52.0956 0x0ef4 Lenovo System Agent Service - ok
21:12:52.0972 0x0ef4 [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
21:12:53.0019 0x0ef4 lfsvc - ok
21:12:53.0019 0x0ef4 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys
21:12:53.0034 0x0ef4 LHDmgr - ok
21:12:53.0050 0x0ef4 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
21:12:53.0066 0x0ef4 lltdio - ok
21:12:53.0081 0x0ef4 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
21:12:53.0112 0x0ef4 lltdsvc - ok
21:12:53.0112 0x0ef4 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
21:12:53.0144 0x0ef4 lmhosts - ok
21:12:53.0159 0x0ef4 [ 9CA9CB0E115418F90FFC67973462280A, E3B25C360A9F5A614206B6AD07E67B2AF71D667E3CDC56BAC11F4C5AD0BACAA6 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:12:53.0409 0x0ef4 LMS - ok
21:12:53.0425 0x0ef4 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
21:12:53.0441 0x0ef4 LSI_SAS - ok
21:12:53.0441 0x0ef4 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
21:12:53.0472 0x0ef4 LSI_SAS2 - ok
21:12:53.0472 0x0ef4 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
21:12:53.0487 0x0ef4 LSI_SAS3 - ok
21:12:53.0503 0x0ef4 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
21:12:53.0519 0x0ef4 LSI_SSS - ok
21:12:53.0550 0x0ef4 [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\WINDOWS\System32\lsm.dll
21:12:53.0597 0x0ef4 LSM - ok
21:12:53.0612 0x0ef4 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
21:12:53.0644 0x0ef4 luafv - ok
21:12:53.0659 0x0ef4 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:12:54.0050 0x0ef4 MDM - detected UnsignedFile.Multi.Generic ( 1 )
21:12:54.0128 0x0ef4 MDM ( UnsignedFile.Multi.Generic ) - warning
21:12:54.0128 0x0ef4 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
21:12:54.0159 0x0ef4 megasas - ok
21:12:54.0284 0x0ef4 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
21:12:54.0316 0x0ef4 megasr - ok
21:12:54.0331 0x0ef4 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
21:12:54.0347 0x0ef4 MEIx64 - ok
21:12:54.0362 0x0ef4 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\WINDOWS\system32\mmcss.dll
21:12:54.0394 0x0ef4 MMCSS - ok
21:12:54.0409 0x0ef4 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
21:12:54.0441 0x0ef4 Modem - ok
21:12:54.0456 0x0ef4 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
21:12:54.0487 0x0ef4 monitor - ok
21:12:54.0487 0x0ef4 [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
21:12:54.0519 0x0ef4 mouclass - ok
21:12:54.0519 0x0ef4 [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
21:12:54.0550 0x0ef4 mouhid - ok
21:12:54.0566 0x0ef4 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
21:12:54.0597 0x0ef4 mountmgr - ok
21:12:54.0597 0x0ef4 [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:12:54.0644 0x0ef4 MozillaMaintenance - ok
21:12:54.0659 0x0ef4 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
21:12:54.0691 0x0ef4 mpsdrv - ok
21:12:54.0737 0x0ef4 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
21:12:54.0784 0x0ef4 MpsSvc - ok
21:12:54.0800 0x0ef4 [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
21:12:54.0816 0x0ef4 MRxDAV - ok
21:12:54.0831 0x0ef4 [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:12:54.0862 0x0ef4 mrxsmb - ok
21:12:54.0878 0x0ef4 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:12:54.0909 0x0ef4 mrxsmb10 - ok
21:12:54.0925 0x0ef4 [ 5C42CEE3E2018E1DFC6E3E17240A432A, 7DFF61686167535125BA376A9BE3DD1C2AC7A2C13455E0FD8E83AAE88E52F987 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:12:54.0941 0x0ef4 mrxsmb20 - ok
21:12:54.0956 0x0ef4 [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
21:12:54.0972 0x0ef4 MsBridge - ok
21:12:54.0987 0x0ef4 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:12:55.0003 0x0ef4 MSDTC - ok
21:12:55.0019 0x0ef4 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:12:55.0034 0x0ef4 Msfs - ok
21:12:55.0050 0x0ef4 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:12:55.0066 0x0ef4 msgpiowin32 - ok
21:12:55.0066 0x0ef4 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:12:55.0097 0x0ef4 mshidkmdf - ok
21:12:55.0097 0x0ef4 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
21:12:55.0112 0x0ef4 mshidumdf - ok
21:12:55.0112 0x0ef4 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
21:12:55.0144 0x0ef4 msisadrv - ok
21:12:55.0144 0x0ef4 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
21:12:55.0175 0x0ef4 MSiSCSI - ok
21:12:55.0175 0x0ef4 msiserver - ok
21:12:55.0191 0x0ef4 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:12:55.0206 0x0ef4 MSKSSRV - ok
21:12:55.0206 0x0ef4 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
21:12:55.0237 0x0ef4 MsLldp - ok
21:12:55.0237 0x0ef4 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:12:55.0253 0x0ef4 MSPCLOCK - ok
21:12:55.0269 0x0ef4 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:12:55.0284 0x0ef4 MSPQM - ok
21:12:55.0300 0x0ef4 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
21:12:55.0331 0x0ef4 MsRPC - ok
21:12:55.0331 0x0ef4 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
21:12:55.0362 0x0ef4 mssmbios - ok
21:12:55.0362 0x0ef4 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:12:55.0378 0x0ef4 MSTEE - ok
21:12:55.0394 0x0ef4 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
21:12:55.0409 0x0ef4 MTConfig - ok
21:12:55.0472 0x0ef4 [ 0FDA24E70513FE0DD9EFE01A3C3829B0, 306EF7ABF9761BF8D9236608E88F05C5BB22090F7EDBA4625C19C2DA44E163A1 ] MultiKMS C:\Windows\MultiKMS\MultiKMS.exe
21:12:55.0691 0x0ef4 MultiKMS - detected UnsignedFile.Multi.Generic ( 1 )
21:12:55.0691 0x0ef4 MultiKMS ( UnsignedFile.Multi.Generic ) - warning
21:12:55.0691 0x0ef4 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
21:12:55.0722 0x0ef4 Mup - ok
21:12:55.0722 0x0ef4 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
21:12:55.0738 0x0ef4 mvumis - ok
21:12:55.0769 0x0ef4 [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\WINDOWS\system32\qagentRT.dll
21:12:55.0800 0x0ef4 napagent - ok
21:12:55.0816 0x0ef4 [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:12:55.0847 0x0ef4 NativeWifiP - ok
21:12:55.0863 0x0ef4 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
21:12:55.0894 0x0ef4 NcaSvc - ok
21:12:55.0894 0x0ef4 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\WINDOWS\System32\ncbservice.dll
21:12:55.0925 0x0ef4 NcbService - ok
21:12:55.0925 0x0ef4 [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
21:12:55.0972 0x0ef4 NcdAutoSetup - ok
21:12:56.0019 0x0ef4 [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
21:12:56.0081 0x0ef4 NDIS - ok
21:12:56.0081 0x0ef4 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
21:12:56.0097 0x0ef4 NdisCap - ok
21:12:56.0113 0x0ef4 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
21:12:56.0144 0x0ef4 NdisImPlatform - ok
21:12:56.0144 0x0ef4 [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:12:56.0159 0x0ef4 NdisTapi - ok
21:12:56.0175 0x0ef4 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:12:56.0191 0x0ef4 Ndisuio - ok
21:12:56.0191 0x0ef4 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
21:12:56.0222 0x0ef4 NdisVirtualBus - ok
21:12:56.0222 0x0ef4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:12:56.0253 0x0ef4 NdisWan - ok
21:12:56.0269 0x0ef4 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:12:56.0300 0x0ef4 NdisWanLegacy - ok
21:12:56.0300 0x0ef4 [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:12:56.0331 0x0ef4 NDProxy - ok
21:12:56.0331 0x0ef4 [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
21:12:56.0363 0x0ef4 Ndu - ok
21:12:56.0363 0x0ef4 [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:12:56.0394 0x0ef4 NetBIOS - ok
21:12:56.0394 0x0ef4 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:12:56.0425 0x0ef4 NetBT - ok
21:12:56.0441 0x0ef4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:12:56.0456 0x0ef4 Netlogon - ok
21:12:56.0472 0x0ef4 [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman C:\WINDOWS\System32\netman.dll
21:12:56.0503 0x0ef4 Netman - ok
21:12:56.0519 0x0ef4 [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
21:12:56.0566 0x0ef4 netprofm - ok
21:12:56.0613 0x0ef4 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:12:56.0675 0x0ef4 NetTcpPortSharing - ok
21:12:56.0675 0x0ef4 [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc C:\WINDOWS\system32\DRIVERS\netvsc63.sys
21:12:56.0706 0x0ef4 netvsc - ok
21:12:56.0706 0x0ef4 [ FC91D7804B8FE5C2F0B12585C612F592, 0F43466D0F52D6A5282BD076005AC5F615C8CFCAC0D4B17B152E8AD0F556CB08 ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
21:12:56.0738 0x0ef4 NitroDriverReadSpool8 - ok
21:12:56.0753 0x0ef4 [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
21:12:56.0784 0x0ef4 NlaSvc - ok
21:12:56.0863 0x0ef4 [ 21D28C3448983A072B907E9BAC93D223, 27EF785F8A26E461EE9CDA18445E4896EB5BAE73ABE77262639320D45BC6A512 ] nlsX86cc C:\WINDOWS\SysWOW64\NLSSRV32.EXE
21:12:56.0909 0x0ef4 nlsX86cc - ok
21:12:56.0925 0x0ef4 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:12:56.0956 0x0ef4 Npfs - ok
21:12:56.0956 0x0ef4 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
21:12:56.0988 0x0ef4 npsvctrig - ok
21:12:57.0003 0x0ef4 [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi C:\WINDOWS\system32\nsisvc.dll
21:12:57.0034 0x0ef4 nsi - ok
21:12:57.0034 0x0ef4 [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
21:12:57.0066 0x0ef4 nsiproxy - ok
21:12:57.0144 0x0ef4 [ 1C80517BE6836A812F6A9B99B8321351, 7DBED4633820E201C9C242D961EF6F25BA2B1D5593BA60F707CC71A4014C2D4B ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:12:57.0238 0x0ef4 Ntfs - ok
21:12:57.0238 0x0ef4 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
21:12:57.0269 0x0ef4 Null - ok
21:12:57.0675 0x0ef4 [ 0AC797F70F2F3E5B69A34FF2F63496F3, 80A811F8234BA00779BA76AAF41E830FB6CED03667E6E8F430C14DEBF2E45DD9 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
21:12:58.0144 0x0ef4 nvlddmkm - ok
21:12:58.0222 0x0ef4 [ C22ADABFABBC2B7AC189C87D87B1ABD6, 20886F806C1C02FA8BAA8B76AFCC32C40FA51921ED8D97F592DF9F92BFA933EE ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
21:12:58.0316 0x0ef4 NvNetworkService - ok
21:12:58.0331 0x0ef4 [ C045199456CE8B823AD85CB9507DEA3C, 9C070B7463AB22D1AFC116E89C690FD552ED68D138F9DD3BA9FAD9BB652DC940 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
21:12:58.0347 0x0ef4 nvpciflt - ok
21:12:58.0347 0x0ef4 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
21:12:58.0378 0x0ef4 nvraid - ok
21:12:58.0378 0x0ef4 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
21:12:58.0410 0x0ef4 nvstor - ok
21:12:58.0410 0x0ef4 [ A88135181D776F8C18550A589A9CAF2D, 47CA5246A55198BA5DEDD34C93A3C5E2DF0EED29ADA3F27AB963857116B6048E ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:12:58.0425 0x0ef4 NvStreamKms - ok
21:12:58.0425 0x0ef4 NvStreamSvc - ok
21:12:58.0472 0x0ef4 [ C135A25E8CF21EB631AB041ABB1F73EA, D0A3DC0411E888D0934B7579EEB980FA7824E3F22F70819A33411D8B8BC9EE42 ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
21:12:58.0535 0x0ef4 nvsvc - ok
21:12:58.0535 0x0ef4 [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
21:12:58.0550 0x0ef4 nvvad_WaveExtensible - ok
21:12:58.0566 0x0ef4 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
21:12:58.0581 0x0ef4 nv_agp - ok
21:12:58.0597 0x0ef4 [ 2B8E4C792BED0E5882702720BC528AE5, 6D7CB027BC6014CB268C49B46049CDFF3BA94D07102A65BD053335A28E83D125 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:12:58.0644 0x0ef4 ose - ok
21:12:58.0660 0x0ef4 [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
21:12:58.0691 0x0ef4 p2pimsvc - ok
21:12:58.0706 0x0ef4 [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
21:12:58.0738 0x0ef4 p2psvc - ok
21:12:58.0753 0x0ef4 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
21:12:58.0769 0x0ef4 Parport - ok
21:12:58.0785 0x0ef4 [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
21:12:58.0800 0x0ef4 partmgr - ok
21:12:58.0816 0x0ef4 [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
21:12:58.0847 0x0ef4 PcaSvc - ok
21:12:58.0878 0x0ef4 [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci C:\WINDOWS\system32\drivers\pci.sys
21:12:58.0894 0x0ef4 pci - ok
21:12:58.0910 0x0ef4 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
21:12:58.0925 0x0ef4 pciide - ok
21:12:58.0941 0x0ef4 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
21:12:58.0956 0x0ef4 pcmcia - ok
21:12:58.0956 0x0ef4 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
21:12:58.0988 0x0ef4 pcw - ok
21:12:58.0988 0x0ef4 [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
21:12:59.0003 0x0ef4 pdc - ok
21:12:59.0035 0x0ef4 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
21:12:59.0066 0x0ef4 PEAUTH - ok
21:12:59.0081 0x0ef4 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
21:12:59.0113 0x0ef4 PerfHost - ok
21:12:59.0175 0x0ef4 [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla C:\WINDOWS\system32\pla.dll
21:12:59.0253 0x0ef4 pla - ok
21:12:59.0269 0x0ef4 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
21:12:59.0300 0x0ef4 PlugPlay - ok
21:12:59.0300 0x0ef4 [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
21:12:59.0331 0x0ef4 PNRPAutoReg - ok
21:12:59.0347 0x0ef4 [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
21:12:59.0378 0x0ef4 PNRPsvc - ok
21:12:59.0394 0x0ef4 [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
21:12:59.0425 0x0ef4 PolicyAgent - ok
21:12:59.0441 0x0ef4 [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power C:\WINDOWS\system32\umpo.dll
21:12:59.0456 0x0ef4 Power - ok
21:12:59.0550 0x0ef4 [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
21:12:59.0660 0x0ef4 PrintNotify - ok
21:12:59.0660 0x0ef4 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
21:12:59.0691 0x0ef4 Processor - ok
21:12:59.0691 0x0ef4 [ B2A890D96C05E33FDD2BF3F3D4D0DF92, 3A29E17424429A5654D906E420D938148F09F57457356EFA72DA003B73F2D81E ] ProfSvc C:\WINDOWS\system32\profsvc.dll
21:12:59.0722 0x0ef4 ProfSvc - ok
21:12:59.0738 0x0ef4 [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
21:12:59.0753 0x0ef4 Psched - ok
21:12:59.0769 0x0ef4 [ BA5F7C107EACE67973B4B798832A74C7, 9BD593D72099AF9157AE4ADF75BD7C1D97B6C24F067603C27B79532678B5EC5F ] pxkbf C:\WINDOWS\system32\drivers\pxkbf.sys
21:12:59.0785 0x0ef4 pxkbf - ok
21:12:59.0785 0x0ef4 [ 007E57428802F587D0D6737AE7A9D989, EC3F0C0141933DE2C1A7B067ABC0B28F6DF178BE4048C75A268B644E38C9783A ] pxrts C:\WINDOWS\system32\drivers\pxrts.sys
21:12:59.0800 0x0ef4 pxrts - ok
21:12:59.0816 0x0ef4 [ 66D4D00C8908888A68B749D91F1E6789, B854C4C2C860B8CF00808BA07B9EBBFFF66D483B8A2AA15A94211E57B84EE1F2 ] pxscan C:\WINDOWS\system32\drivers\pxscan.sys
21:12:59.0831 0x0ef4 pxscan - ok
21:12:59.0847 0x0ef4 [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE C:\WINDOWS\system32\qwave.dll
21:12:59.0878 0x0ef4 QWAVE - ok
21:12:59.0894 0x0ef4 [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
21:12:59.0910 0x0ef4 QWAVEdrv - ok
21:12:59.0910 0x0ef4 [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:12:59.0941 0x0ef4 RasAcd - ok
21:12:59.0941 0x0ef4 [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:12:59.0972 0x0ef4 RasAuto - ok
21:12:59.0988 0x0ef4 [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:13:00.0035 0x0ef4 RasMan - ok
21:13:00.0035 0x0ef4 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:13:00.0066 0x0ef4 RasPppoe - ok
21:13:00.0081 0x0ef4 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:13:00.0113 0x0ef4 rdbss - ok
21:13:00.0113 0x0ef4 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
21:13:00.0144 0x0ef4 rdpbus - ok
21:13:00.0144 0x0ef4 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
21:13:00.0175 0x0ef4 RDPDR - ok
21:13:00.0175 0x0ef4 [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
21:13:00.0206 0x0ef4 RdpVideoMiniport - ok
21:13:00.0206 0x0ef4 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
21:13:00.0238 0x0ef4 rdyboost - ok
21:13:00.0285 0x0ef4 [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
21:13:00.0331 0x0ef4 ReFS - ok
21:13:00.0347 0x0ef4 [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:13:00.0378 0x0ef4 RemoteAccess - ok
21:13:00.0394 0x0ef4 [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:13:00.0425 0x0ef4 RemoteRegistry - ok
21:13:00.0425 0x0ef4 [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
21:13:00.0456 0x0ef4 RFCOMM - ok
21:13:00.0456 0x0ef4 [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
21:13:00.0488 0x0ef4 RpcEptMapper - ok
21:13:00.0488 0x0ef4 [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:13:00.0519 0x0ef4 RpcLocator - ok
21:13:00.0566 0x0ef4 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:13:00.0613 0x0ef4 RpcSs - ok
21:13:00.0613 0x0ef4 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:13:00.0644 0x0ef4 rspndr - ok
21:13:00.0660 0x0ef4 [ 55D45B4B7EC9C5DE2DE8C61C592463CF, 6DFFCFCD1761B72A88E36D55642B8A1951DBD71B0621EE26D82399DF6D05C2DE ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys
21:13:00.0675 0x0ef4 RSUSBVSTOR - ok
21:13:01.0066 0x0ef4 [ 72DD449BAFC25BBFA48040CE5337092A, 102D64976874C682FCA806D66379F655FCC5F73AD9476DC485325BB963932393 ] rtsuvc C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
21:13:01.0378 0x0ef4 rtsuvc - ok
21:13:01.0394 0x0ef4 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
21:13:01.0410 0x0ef4 s3cap - ok
21:13:01.0410 0x0ef4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\WINDOWS\system32\lsass.exe
21:13:01.0441 0x0ef4 SamSs - ok
21:13:01.0441 0x0ef4 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:13:01.0457 0x0ef4 SASDIFSV - ok
21:13:01.0457 0x0ef4 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:13:01.0472 0x0ef4 SASKUTIL - ok
21:13:01.0582 0x0ef4 [ 791EE9F4A82FC4E13133F107C1C4C286, F7B9E57D08EF68B17ADF70C2D1F7623EAE13CAADE5ACFF4CD54FB89DFDEAD9C6 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
21:13:01.0644 0x0ef4 SAVAdminService - ok
21:13:01.0660 0x0ef4 [ 54C1EDAE9DF790450A73F5CF42CBEEEC, FF2BB46F1EBCAF567B313A210A599B1794A5FAF1C766EC96F33A694B0EABF3E6 ] SAVOnAccess C:\WINDOWS\system32\DRIVERS\savonaccess.sys
21:13:01.0675 0x0ef4 SAVOnAccess - ok
21:13:01.0691 0x0ef4 [ 98E85176DD51C9EE6458799E902CFC00, 0E30EBC7C92F9D05FA26D9FCCA367B21F12CB280697B0C128D7702EA37279569 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
21:13:01.0738 0x0ef4 SAVService - ok
21:13:01.0738 0x0ef4 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
21:13:01.0769 0x0ef4 sbp2port - ok
21:13:01.0769 0x0ef4 [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
21:13:01.0800 0x0ef4 SCardSvr - ok
21:13:01.0816 0x0ef4 [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
21:13:01.0847 0x0ef4 ScDeviceEnum - ok
21:13:01.0847 0x0ef4 [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
21:13:01.0878 0x0ef4 scfilter - ok
21:13:01.0925 0x0ef4 [ A95838FFFAEAA7500263D491575F7E0C, FEB79ECAE6D9AB0C29D9AFE12F60502A8357B3A382C0FACF4C6DA4852B6ECFA4 ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:13:01.0988 0x0ef4 Schedule - ok
|
|
20.08.2014, 17:10
| #6 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hier die Fortsetzung des Logfiles, weil es zu lang ist Code:
ATTFilter 21:13:02.0003 0x0ef4 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
21:13:02.0019 0x0ef4 SCPolicySvc - ok
21:13:02.0035 0x0ef4 [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
21:13:02.0066 0x0ef4 sdbus - ok
21:13:02.0066 0x0ef4 [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
21:13:02.0097 0x0ef4 sdcfilter - ok
21:13:02.0160 0x0ef4 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
21:13:02.0269 0x0ef4 SDScannerService - ok
21:13:02.0285 0x0ef4 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
21:13:02.0300 0x0ef4 sdstor - ok
21:13:02.0378 0x0ef4 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:13:02.0519 0x0ef4 SDUpdateService - ok
21:13:02.0519 0x0ef4 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:13:02.0566 0x0ef4 SDWSCService - ok
21:13:02.0582 0x0ef4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
21:13:02.0597 0x0ef4 secdrv - ok
21:13:02.0613 0x0ef4 [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon C:\WINDOWS\system32\seclogon.dll
21:13:02.0628 0x0ef4 seclogon - ok
21:13:02.0644 0x0ef4 [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\WINDOWS\System32\sens.dll
21:13:02.0675 0x0ef4 SENS - ok
21:13:02.0675 0x0ef4 [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
21:13:02.0707 0x0ef4 SensrSvc - ok
21:13:02.0722 0x0ef4 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
21:13:02.0738 0x0ef4 SerCx - ok
21:13:02.0753 0x0ef4 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
21:13:02.0769 0x0ef4 SerCx2 - ok
21:13:02.0769 0x0ef4 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
21:13:02.0800 0x0ef4 Serenum - ok
21:13:02.0800 0x0ef4 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
21:13:02.0816 0x0ef4 Serial - ok
21:13:02.0832 0x0ef4 [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
21:13:02.0847 0x0ef4 sermouse - ok
21:13:02.0878 0x0ef4 [ 77A7651C4077DC0E5EBAA6574D586749, EE9BC6533F490B41DDDD5140AC809891F4F9684F35B467ABB3D9306B9C07D363 ] Service KMSELDI C:\Program Files\KMSpico\Service_KMS.exe
21:13:03.0082 0x0ef4 Service KMSELDI - detected UnsignedFile.Multi.Generic ( 1 )
21:13:03.0082 0x0ef4 Service KMSELDI ( UnsignedFile.Multi.Generic ) - warning
21:13:03.0097 0x0ef4 [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
21:13:03.0128 0x0ef4 SessionEnv - ok
21:13:03.0128 0x0ef4 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
21:13:03.0144 0x0ef4 sfloppy - ok
21:13:03.0175 0x0ef4 [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:13:03.0207 0x0ef4 SharedAccess - ok
21:13:03.0238 0x0ef4 [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:13:03.0300 0x0ef4 ShellHWDetection - ok
21:13:03.0300 0x0ef4 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
21:13:03.0332 0x0ef4 SiSRaid2 - ok
21:13:03.0332 0x0ef4 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
21:13:03.0347 0x0ef4 SiSRaid4 - ok
21:13:03.0363 0x0ef4 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:13:03.0644 0x0ef4 SkypeUpdate - ok
21:13:03.0644 0x0ef4 [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\WINDOWS\System32\smphost.dll
21:13:03.0660 0x0ef4 smphost - ok
21:13:03.0675 0x0ef4 [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
21:13:03.0691 0x0ef4 SNMPTRAP - ok
21:13:03.0707 0x0ef4 [ 1ABE4E5F76932F78C64741272D1AD9AF, E3C65792505CD7CA2B091BC11AB3B8CE01CBDAF7B9E74DCD5E9E1D21BE5C65DC ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
21:13:03.0754 0x0ef4 Sophos AutoUpdate Service - ok
21:13:03.0769 0x0ef4 [ 7FC901EFF44632427FDEE4E90B93A0FD, 2DF87685321D3BB72F643421D89C43DC78F545F355C05695420EE7DAB52F3586 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
21:13:03.0879 0x0ef4 Sophos Web Control Service - ok
21:13:03.0894 0x0ef4 [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
21:13:03.0910 0x0ef4 SophosBootDriver - ok
21:13:03.0925 0x0ef4 [ 33977549C2CED09936E05BEE7659EAFF, EB95C72ED0EAC59A50E6882B2501049191A796542C42414FAF0028907C669B21 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
21:13:03.0957 0x0ef4 spaceport - ok
21:13:03.0972 0x0ef4 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
21:13:03.0988 0x0ef4 SpbCx - ok
21:13:04.0019 0x0ef4 [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler C:\WINDOWS\System32\spoolsv.exe
21:13:04.0066 0x0ef4 Spooler - ok
21:13:04.0269 0x0ef4 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
21:13:04.0519 0x0ef4 sppsvc - ok
21:13:04.0582 0x0ef4 [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:13:04.0629 0x0ef4 srv - ok
21:13:04.0660 0x0ef4 [ FD163F487CBA9C98AFFEB546C80F49A2, 18DAAD173C0517F7BBF5D0C914302D98931E3BA6DAA36DC91D8DB0743EC40563 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
21:13:04.0691 0x0ef4 srv2 - ok
21:13:04.0707 0x0ef4 [ 716059F37BCCB1ABEDE99EBE82E8E362, 05F27B0FABBBC0E324F06D20ABEF51EDA3316C9F7F85C1AD24639CD6DE1BC8AC ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
21:13:04.0738 0x0ef4 srvnet - ok
21:13:04.0754 0x0ef4 [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:13:04.0785 0x0ef4 SSDPSRV - ok
21:13:04.0785 0x0ef4 [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
21:13:04.0816 0x0ef4 SstpSvc - ok
21:13:04.0832 0x0ef4 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
21:13:04.0847 0x0ef4 stexstor - ok
21:13:04.0863 0x0ef4 [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\WINDOWS\System32\wiaservc.dll
21:13:04.0910 0x0ef4 stisvc - ok
21:13:04.0925 0x0ef4 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
21:13:04.0941 0x0ef4 storahci - ok
21:13:04.0941 0x0ef4 [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
21:13:04.0972 0x0ef4 storflt - ok
21:13:04.0972 0x0ef4 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
21:13:04.0988 0x0ef4 stornvme - ok
21:13:05.0004 0x0ef4 [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\WINDOWS\system32\storsvc.dll
21:13:05.0019 0x0ef4 StorSvc - ok
21:13:05.0019 0x0ef4 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
21:13:05.0050 0x0ef4 storvsc - ok
21:13:05.0050 0x0ef4 [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\WINDOWS\system32\svsvc.dll
21:13:05.0082 0x0ef4 svsvc - ok
21:13:05.0082 0x0ef4 [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\WINDOWS\System32\drivers\swenum.sys
21:13:05.0097 0x0ef4 swenum - ok
21:13:05.0113 0x0ef4 [ DEA4308157DC209C7240E54248F6622B, C67A29E47CA77A52368BB452AD71212FF5C2CD8F01446596CD76CED2C601F64D ] swi_callout C:\WINDOWS\system32\DRIVERS\swi_callout.sys
21:13:05.0129 0x0ef4 swi_callout - ok
21:13:05.0144 0x0ef4 [ AF03F7604C07D06873958F70E3E65A40, BF196FC2358EF8F411481FC512BCB7B9627AF661E4DCF6CEE4C885D656086B57 ] swi_filter C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
21:13:05.0207 0x0ef4 swi_filter - ok
21:13:05.0332 0x0ef4 [ 9B02A4A85AAD0114CF7899F1C9560BAE, 30C098861127603CF1C415193A75F3BBC481DDE10E05AF225D2CB3524A3A4F38 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
21:13:05.0472 0x0ef4 swi_service - ok
21:13:05.0504 0x0ef4 [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv C:\WINDOWS\System32\swprv.dll
21:13:05.0550 0x0ef4 swprv - ok
21:13:05.0582 0x0ef4 [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain C:\WINDOWS\system32\sysmain.dll
21:13:05.0644 0x0ef4 SysMain - ok
21:13:05.0660 0x0ef4 [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
21:13:05.0691 0x0ef4 SystemEventsBroker - ok
21:13:05.0691 0x0ef4 [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
21:13:05.0722 0x0ef4 TabletInputService - ok
21:13:05.0738 0x0ef4 [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:13:05.0769 0x0ef4 TapiSrv - ok
21:13:05.0925 0x0ef4 [ 25AC0B50A71938890970E1508F107196, 6FAFBA2DFFFF9916CC304AE7E6AD0F6CE1D6F4AAE6B2C113202D78310EFEBC58 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
21:13:06.0019 0x0ef4 Tcpip - ok
21:13:06.0144 0x0ef4 [ 25AC0B50A71938890970E1508F107196, 6FAFBA2DFFFF9916CC304AE7E6AD0F6CE1D6F4AAE6B2C113202D78310EFEBC58 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:13:06.0238 0x0ef4 TCPIP6 - ok
21:13:06.0254 0x0ef4 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
21:13:06.0269 0x0ef4 tcpipreg - ok
21:13:06.0285 0x0ef4 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
21:13:06.0301 0x0ef4 tdx - ok
21:13:06.0316 0x0ef4 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
21:13:06.0332 0x0ef4 terminpt - ok
21:13:06.0379 0x0ef4 [ 2C77831737491F4D684D315B95C62883, 90A2574A281F19646CFCDA5FDF40063220058290D2D5523AD91B7E709EC36D3D ] TermService C:\WINDOWS\System32\termsrv.dll
21:13:06.0426 0x0ef4 TermService - ok
21:13:06.0441 0x0ef4 [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\WINDOWS\system32\themeservice.dll
21:13:06.0472 0x0ef4 Themes - ok
21:13:06.0472 0x0ef4 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\WINDOWS\system32\mmcss.dll
21:13:06.0488 0x0ef4 THREADORDER - ok
21:13:06.0504 0x0ef4 [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
21:13:06.0551 0x0ef4 TimeBroker - ok
21:13:06.0551 0x0ef4 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
21:13:06.0582 0x0ef4 TPM - ok
21:13:06.0597 0x0ef4 [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\WINDOWS\System32\trkwks.dll
21:13:06.0613 0x0ef4 TrkWks - ok
21:13:06.0629 0x0ef4 [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
21:13:06.0644 0x0ef4 TrustedInstaller - ok
21:13:06.0660 0x0ef4 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
21:13:06.0676 0x0ef4 TsUsbFlt - ok
21:13:06.0676 0x0ef4 [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
21:13:06.0707 0x0ef4 TsUsbGD - ok
21:13:06.0707 0x0ef4 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
21:13:06.0738 0x0ef4 tunnel - ok
21:13:06.0738 0x0ef4 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
21:13:06.0769 0x0ef4 uagp35 - ok
21:13:06.0769 0x0ef4 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
21:13:06.0785 0x0ef4 UASPStor - ok
21:13:06.0801 0x0ef4 [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
21:13:06.0832 0x0ef4 UCX01000 - ok
21:13:06.0847 0x0ef4 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
21:13:06.0879 0x0ef4 udfs - ok
21:13:06.0879 0x0ef4 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
21:13:06.0910 0x0ef4 UEFI - ok
21:13:06.0910 0x0ef4 [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
21:13:06.0941 0x0ef4 UI0Detect - ok
21:13:06.0941 0x0ef4 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
21:13:06.0972 0x0ef4 uliagpkx - ok
21:13:06.0972 0x0ef4 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
21:13:06.0988 0x0ef4 umbus - ok
21:13:07.0004 0x0ef4 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
21:13:07.0019 0x0ef4 UmPass - ok
21:13:07.0035 0x0ef4 [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
21:13:07.0066 0x0ef4 UmRdpService - ok
21:13:07.0082 0x0ef4 [ 6EE394F8BFDC59D51E1C347246867004, DDD2A7CF321A4EF0BA2F87EDA61E477CBC8A63D99D52CDBFA71CA28140DA780D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:13:07.0129 0x0ef4 UNS - ok
21:13:07.0144 0x0ef4 [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:13:07.0176 0x0ef4 upnphost - ok
21:13:07.0191 0x0ef4 [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
21:13:07.0222 0x0ef4 usbccgp - ok
21:13:07.0222 0x0ef4 [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
21:13:07.0238 0x0ef4 usbcir - ok
21:13:07.0254 0x0ef4 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
21:13:07.0269 0x0ef4 usbehci - ok
21:13:07.0285 0x0ef4 [ 93435654DCA210298BA0F986EB51C679, 926313A0499100EA5C49C5EC44BB8FE5F8F2A7F57F3EA56D59DA694F8396A409 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
21:13:07.0332 0x0ef4 usbhub - ok
21:13:07.0347 0x0ef4 [ 83C9C45D59C72FEFDAE9A5686BE31FEA, 12FC2C3C3C5CD5F2EFBAA11A1AD06FDD7DDB6EECF6F2684BBAAF88198D976316 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
21:13:07.0379 0x0ef4 USBHUB3 - ok
21:13:07.0394 0x0ef4 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
21:13:07.0410 0x0ef4 usbohci - ok
21:13:07.0410 0x0ef4 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
21:13:07.0441 0x0ef4 usbprint - ok
21:13:07.0441 0x0ef4 [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
21:13:07.0472 0x0ef4 USBSTOR - ok
21:13:07.0488 0x0ef4 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
21:13:07.0504 0x0ef4 usbuhci - ok
21:13:07.0519 0x0ef4 [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
21:13:07.0551 0x0ef4 USBXHCI - ok
21:13:07.0582 0x0ef4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\WINDOWS\system32\lsass.exe
21:13:07.0597 0x0ef4 VaultSvc - ok
21:13:07.0613 0x0ef4 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
21:13:07.0629 0x0ef4 vdrvroot - ok
21:13:07.0676 0x0ef4 [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds C:\WINDOWS\System32\vds.exe
21:13:07.0722 0x0ef4 vds - ok
21:13:07.0738 0x0ef4 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
21:13:07.0754 0x0ef4 VerifierExt - ok
21:13:07.0801 0x0ef4 [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
21:13:07.0847 0x0ef4 vhdmp - ok
21:13:07.0847 0x0ef4 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
21:13:07.0879 0x0ef4 viaide - ok
21:13:07.0879 0x0ef4 [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
21:13:07.0910 0x0ef4 vmbus - ok
21:13:07.0910 0x0ef4 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
21:13:07.0926 0x0ef4 VMBusHID - ok
21:13:07.0941 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
21:13:07.0988 0x0ef4 vmicguestinterface - ok
21:13:08.0004 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
21:13:08.0051 0x0ef4 vmicheartbeat - ok
21:13:08.0066 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
21:13:08.0097 0x0ef4 vmickvpexchange - ok
21:13:08.0113 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
21:13:08.0207 0x0ef4 vmicrdv - ok
21:13:08.0222 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
21:13:08.0269 0x0ef4 vmicshutdown - ok
21:13:08.0285 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
21:13:08.0316 0x0ef4 vmictimesync - ok
21:13:08.0347 0x0ef4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
21:13:08.0379 0x0ef4 vmicvss - ok
21:13:08.0394 0x0ef4 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
21:13:08.0410 0x0ef4 volmgr - ok
21:13:08.0426 0x0ef4 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
21:13:08.0457 0x0ef4 volmgrx - ok
21:13:08.0473 0x0ef4 [ 4BB9BC49DEE1A319EC58274A7BBED663, 624491089623A5B68C01A6A000E60D450E8E467619ACEBB90C6FDED0CF670F95 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
21:13:08.0519 0x0ef4 volsnap - ok
21:13:08.0519 0x0ef4 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
21:13:08.0535 0x0ef4 vpci - ok
21:13:08.0551 0x0ef4 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
21:13:08.0566 0x0ef4 vsmraid - ok
21:13:08.0629 0x0ef4 [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS C:\WINDOWS\system32\vssvc.exe
21:13:08.0691 0x0ef4 VSS - ok
21:13:08.0707 0x0ef4 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
21:13:08.0738 0x0ef4 VSTXRAID - ok
21:13:08.0754 0x0ef4 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
21:13:08.0769 0x0ef4 vwifibus - ok
21:13:08.0785 0x0ef4 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
21:13:08.0801 0x0ef4 vwififlt - ok
21:13:08.0801 0x0ef4 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
21:13:08.0816 0x0ef4 vwifimp - ok
21:13:08.0848 0x0ef4 [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time C:\WINDOWS\system32\w32time.dll
21:13:08.0879 0x0ef4 W32Time - ok
21:13:08.0894 0x0ef4 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
21:13:08.0910 0x0ef4 WacomPen - ok
21:13:08.0957 0x0ef4 [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine C:\WINDOWS\system32\wbengine.exe
21:13:09.0019 0x0ef4 wbengine - ok
21:13:09.0051 0x0ef4 [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
21:13:09.0082 0x0ef4 WbioSrvc - ok
21:13:09.0098 0x0ef4 [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
21:13:09.0129 0x0ef4 Wcmsvc - ok
21:13:09.0160 0x0ef4 [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
21:13:09.0191 0x0ef4 wcncsvc - ok
21:13:09.0207 0x0ef4 [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
21:13:09.0223 0x0ef4 WcsPlugInService - ok
21:13:09.0238 0x0ef4 [ F5D4FA3E1F4879C361FFF3855259D2C2, 48C60FE4AAB011E2250157506FF0624031BFA346F8F2F8C6DFDF6F3CAA4F3F42 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
21:13:09.0254 0x0ef4 WdBoot - ok
21:13:09.0285 0x0ef4 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
21:13:09.0332 0x0ef4 Wdf01000 - ok
21:13:09.0348 0x0ef4 [ 019CC610AD95FF47EAD7C08B7A683B96, BB9D42F8ED90ECA2E7B8C906E06A1EA859FAD9BD1B3492BB1E28C0D00004812A ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
21:13:09.0379 0x0ef4 WdFilter - ok
21:13:09.0379 0x0ef4 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
21:13:09.0426 0x0ef4 WdiServiceHost - ok
21:13:09.0426 0x0ef4 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
21:13:09.0457 0x0ef4 WdiSystemHost - ok
21:13:09.0473 0x0ef4 [ 6CC1BB8F6851A262E2E824F0E92D5EEF, 45A88A984179BBA38C1F4434C4D6C2823C1FE6AFBE8CB0F656DAE0092D1D5611 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
21:13:09.0488 0x0ef4 WdNisDrv - ok
21:13:09.0504 0x0ef4 WdNisSvc - ok
21:13:09.0504 0x0ef4 [ D261A12A43D33122CB90E70D3BC1CC68, 1B5237909CDD5DC4982599E94C2AAC37FEA6B1C282249DEB13E84A826C6E4B01 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:13:09.0535 0x0ef4 WebClient - ok
21:13:09.0551 0x0ef4 [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
21:13:09.0582 0x0ef4 Wecsvc - ok
21:13:09.0582 0x0ef4 [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
21:13:09.0613 0x0ef4 WEPHOSTSVC - ok
21:13:09.0613 0x0ef4 [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
21:13:09.0644 0x0ef4 wercplsupport - ok
21:13:09.0644 0x0ef4 [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
21:13:09.0676 0x0ef4 WerSvc - ok
21:13:09.0691 0x0ef4 [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
21:13:09.0707 0x0ef4 WFPLWFS - ok
21:13:09.0723 0x0ef4 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
21:13:09.0738 0x0ef4 WiaRpc - ok
21:13:09.0738 0x0ef4 [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
21:13:09.0769 0x0ef4 WIMMount - ok
21:13:09.0769 0x0ef4 WinDefend - ok
21:13:09.0769 0x0ef4 [ A0D15D8727D0780C51628DF46B7268B3, 5E23F3ED1D6620C39A644F9879404A22DED86B3B076EC4A898B4B6BE244AFD64 ] WinDivert1.1 C:\Program Files\KMSpico\WinDivert.sys
21:13:09.0785 0x0ef4 WinDivert1.1 - ok
21:13:09.0832 0x0ef4 [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
21:13:09.0879 0x0ef4 WinHttpAutoProxySvc - ok
21:13:09.0894 0x0ef4 [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:13:09.0926 0x0ef4 Winmgmt - ok
21:13:10.0019 0x0ef4 [ C8D6344BDE2691A196E61C0D3372EAB7, FF8EB79D8A7E298343C22B83276FF68293D08A9DA438BB22600BEFC4CA93A91D ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:13:10.0129 0x0ef4 WinRM - ok
21:13:10.0144 0x0ef4 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys
21:13:10.0160 0x0ef4 WinUsb - ok
21:13:10.0223 0x0ef4 [ EF252510DB6C3511E30418BD2AC95A2D, 75B496F5C611129D9D19B382503830FDB0E2E61D4880D2821AE381DF578C5E56 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
21:13:10.0285 0x0ef4 WlanSvc - ok
21:13:10.0348 0x0ef4 [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
21:13:10.0410 0x0ef4 wlidsvc - ok
21:13:10.0426 0x0ef4 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
21:13:10.0441 0x0ef4 WmiAcpi - ok
21:13:10.0457 0x0ef4 [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
21:13:10.0488 0x0ef4 wmiApSrv - ok
21:13:10.0488 0x0ef4 WMPNetworkSvc - ok
21:13:10.0488 0x0ef4 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
21:13:10.0519 0x0ef4 Wof - ok
21:13:10.0582 0x0ef4 [ 5071E71CC05346D88C5A08EB8B5A05E3, EA2B14130EDD1846B2E25D310B0D49253CFB43C22D3DC7B3179DF7349CC4AEFB ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
21:13:10.0644 0x0ef4 workfolderssvc - ok
21:13:10.0660 0x0ef4 [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
21:13:10.0676 0x0ef4 wpcfltr - ok
21:13:10.0691 0x0ef4 [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
21:13:10.0707 0x0ef4 WPCSvc - ok
21:13:10.0723 0x0ef4 [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
21:13:10.0738 0x0ef4 WPDBusEnum - ok
21:13:10.0754 0x0ef4 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
21:13:10.0769 0x0ef4 WpdUpFltr - ok
21:13:10.0769 0x0ef4 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:13:10.0801 0x0ef4 ws2ifsl - ok
21:13:10.0801 0x0ef4 [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc C:\WINDOWS\System32\wscsvc.dll
21:13:10.0832 0x0ef4 wscsvc - ok
21:13:10.0832 0x0ef4 WSearch - ok
21:13:10.0941 0x0ef4 [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService C:\WINDOWS\System32\WSService.dll
21:13:11.0082 0x0ef4 WSService - ok
21:13:11.0098 0x0ef4 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys
21:13:11.0129 0x0ef4 wsvd - ok
21:13:11.0254 0x0ef4 [ E66AC3CA92FC471BFE69F61549193A64, E2DD7EA4ED164EE8FB07546896BE743734B04DE4C9480E84231901CB2C63F31C ] wuauserv C:\WINDOWS\system32\wuaueng.dll
21:13:11.0379 0x0ef4 wuauserv - ok
21:13:11.0395 0x0ef4 [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
21:13:11.0410 0x0ef4 WudfPf - ok
21:13:11.0426 0x0ef4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
21:13:11.0457 0x0ef4 WUDFRd - ok
21:13:11.0457 0x0ef4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP C:\WINDOWS\System32\drivers\WUDFRd.sys
21:13:11.0488 0x0ef4 WUDFSensorLP - ok
21:13:11.0488 0x0ef4 [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
21:13:11.0520 0x0ef4 wudfsvc - ok
21:13:11.0520 0x0ef4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:13:11.0551 0x0ef4 WUDFWpdFs - ok
21:13:11.0566 0x0ef4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:13:11.0582 0x0ef4 WUDFWpdMtp - ok
21:13:11.0613 0x0ef4 [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
21:13:11.0660 0x0ef4 WwanSvc - ok
21:13:11.0723 0x0ef4 [ 86B8B1F5C1189D68B07666784BE882FE, 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:13:11.0801 0x0ef4 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
21:13:11.0801 0x0ef4 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
21:13:11.0816 0x0ef4 ================ Scan global ===============================
21:13:11.0832 0x0ef4 [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
21:13:11.0832 0x0ef4 [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
21:13:11.0848 0x0ef4 [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
21:13:11.0863 0x0ef4 [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
21:13:11.0879 0x0ef4 [ Global ] - ok
21:13:11.0879 0x0ef4 ================ Scan MBR ==================================
21:13:11.0879 0x0ef4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:13:11.0973 0x0ef4 \Device\Harddisk0\DR0 - ok
21:13:11.0973 0x0ef4 ================ Scan VBR ==================================
21:13:11.0988 0x0ef4 [ 5A6D4101CA00F822C9CBA4AE74C7A44B ] \Device\Harddisk0\DR0\Partition1
21:13:11.0988 0x0ef4 \Device\Harddisk0\DR0\Partition1 - ok
21:13:11.0988 0x0ef4 [ B2AC5492844924AB3090DC336F9512EC ] \Device\Harddisk0\DR0\Partition2
21:13:11.0988 0x0ef4 \Device\Harddisk0\DR0\Partition2 - ok
21:13:11.0988 0x0ef4 [ 9B78A3A54C298B530A227E6760C22FEE ] \Device\Harddisk0\DR0\Partition3
21:13:12.0004 0x0ef4 \Device\Harddisk0\DR0\Partition3 - ok
21:13:12.0004 0x0ef4 [ DA2C5BC852AC4969BD8E9F3E7553087F ] \Device\Harddisk0\DR0\Partition4
21:13:12.0004 0x0ef4 \Device\Harddisk0\DR0\Partition4 - ok
21:13:12.0004 0x0ef4 [ CC582586A3000AAFFEB3F303EA8ECDCC ] \Device\Harddisk0\DR0\Partition5
21:13:12.0020 0x0ef4 \Device\Harddisk0\DR0\Partition5 - ok
21:13:12.0020 0x0ef4 [ 40209FF1B4C1A87918B237EAB77ABFCB ] \Device\Harddisk0\DR0\Partition6
21:13:12.0020 0x0ef4 \Device\Harddisk0\DR0\Partition6 - ok
21:13:12.0020 0x0ef4 [ 4E523CD4A3868DE9D78E21E683309B72 ] \Device\Harddisk0\DR0\Partition7
21:13:12.0020 0x0ef4 \Device\Harddisk0\DR0\Partition7 - ok
21:13:12.0035 0x0ef4 [ DF9F60877CBB6FE40ABE71DEB4719A2E ] \Device\Harddisk0\DR0\Partition8
21:13:12.0035 0x0ef4 \Device\Harddisk0\DR0\Partition8 - ok
21:13:12.0035 0x0ef4 ================ Scan generic autorun ======================
21:13:12.0035 0x0ef4 ETDCtrl - ok
21:13:12.0254 0x0ef4 [ 2E1BD262E3A6C56E4A257FF8C91045AF, DDB8BD57F0469E3FB31F05158E221AC31898EA1FC48C2892FE5CB2F53BD6CCB1 ] C:\WINDOWS\RTFTrack.exe
21:13:12.0488 0x0ef4 RtsFT - ok
21:13:12.0504 0x0ef4 [ D94BCD3B86F5220BEFC277B395EEE845, 61D3DE5621CE855F8EA5BF2308D0DFFB3B517BF7187AEE1FEF6785C5880E7D49 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:13:12.0535 0x0ef4 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
21:13:12.0535 0x0ef4 IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
21:13:12.0535 0x0ef4 Force sending object to P2P due to detect: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:13:12.0566 0x0ef4 Object send P2P result: false
21:13:12.0598 0x0ef4 [ 9E1738D18C61E6935AD0E8EE19D100D8, C2864677359A977CB67F16664DF44C4001CF4C04AD29401450D1BC3CDD9421AD ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
21:13:12.0645 0x0ef4 cAudioFilterAgent - ok
21:13:12.0707 0x0ef4 [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
21:13:12.0770 0x0ef4 SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
21:13:12.0770 0x0ef4 SmartAudio ( UnsignedFile.Multi.Generic ) - warning
21:13:12.0770 0x0ef4 Force sending object to P2P due to detect: C:\Program Files\CONEXANT\SAII\SACpl.exe
21:13:12.0785 0x0ef4 Object send P2P result: false
21:13:13.0457 0x0ef4 [ B0F2C94368921643D3E256C07B93C391, 705E96BBB7D87ECEF333BEC857B6C1FA97AE91D5C3D5102EE1687BC7382DFF92 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
21:13:14.0082 0x0ef4 Energy Management - ok
21:13:14.0129 0x0ef4 [ 7F19FEF6B2172A2A872B3FF350CCD213, 772CC5F9B28602A7C8554AFBD085D9B7BDC26D8039F041D6945426834565C106 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
21:13:14.0160 0x0ef4 EnergyUtility - ok
21:13:14.0160 0x0ef4 [ 3293EDFFDDD6428AF31277F8CE6E39A2, EA73444CE66447A407166126744FB45C8BCBA102505EF63588AA08AA5BB584B0 ] C:\WINDOWS\system32\igfxtray.exe
21:13:14.0192 0x0ef4 IgfxTray - ok
21:13:14.0207 0x0ef4 [ 25BB22FF0CB62BBD56EB3141FDB6DC57, A8E600A81BB7285F0DAC511FADE5F648424FAF6C8159CF5D2D1C303EFF9E32F7 ] C:\WINDOWS\system32\hkcmd.exe
21:13:14.0238 0x0ef4 HotKeysCmds - ok
21:13:14.0254 0x0ef4 [ DB3C847EAB293E36131DB5E56FCEE95B, 79C863133857870FD16447ABA58D158099018D68653C11765345988D7E33F2E0 ] C:\WINDOWS\system32\igfxpers.exe
21:13:14.0285 0x0ef4 Persistence - ok
21:13:14.0363 0x0ef4 [ 44FE94FCDF97E574B6986C5A81758628, D950CF92623CA2AD053F7DCC44B483176D02E721C716255957DA90A083D0F1B9 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
21:13:14.0676 0x0ef4 NvBackend - ok
21:13:14.0692 0x0ef4 [ 6E0BDFBEEED65B017F2E4C2C910B0520, 54D798C2E2804DCDB84E9650EA4A032C669B10C586B396D5505F16235D83882C ] C:\WINDOWS\system32\rundll32.exe
21:13:14.0723 0x0ef4 ShadowPlay - ok
21:13:14.0723 0x0ef4 [ C2513AEB3F326B8811E2A37C9A7F930B, E3D9C0BB1A31367E7E3E0ED71F04068DF09F57CA293293B24D841331A1F9ADCB ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
21:13:14.0801 0x0ef4 YouCam Tray - ok
21:13:14.0817 0x0ef4 [ 16D807D8B07A868298A8044E576BE419, 148399752A497E7FEA07C59C89834E266652AC1C0793B5C9C429FDBB37AB7617 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
21:13:14.0863 0x0ef4 UpdateP2GShortCut - detected UnsignedFile.Multi.Generic ( 1 )
21:13:14.0863 0x0ef4 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - warning
21:13:14.0863 0x0ef4 [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
21:13:14.0942 0x0ef4 RemoteControl10 - ok
21:13:14.0942 0x0ef4 [ 43E946AAD268FEAFB1E286677E70CB5D, 7798926B3CF11D1CF7DFF9B3D67AD3DC67010A62F3132CAEA273EB299A61B176 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
21:13:15.0020 0x0ef4 Intel AppUp(SM) center - ok
21:13:15.0051 0x0ef4 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:13:15.0113 0x0ef4 Adobe ARM - ok
21:13:15.0176 0x0ef4 [ 9233AF32A4BD905B1CF7F01E783496B8, FD60DA0F7101EDC2EE5CA06F3AD77CA50BF210BA7EBDEC5D86AD2727A4DFA2EF ] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
21:13:15.0395 0x0ef4 Sophos AutoUpdate Monitor - ok
21:13:15.0629 0x0ef4 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
21:13:16.0176 0x0ef4 SDTray - ok
21:13:16.0457 0x0ef4 [ CB7668CCBD88BA171BE8117A2F5A19B9, 28F4E1C7E1A048F6A5958DB96CA395BF572A8B31DB7F3B6288C820D88C9AFC6A ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
21:13:16.0801 0x0ef4 SUPERAntiSpyware - ok
21:13:16.0832 0x0ef4 [ FC0B4A626881D7C5980D757214DB2D25, 0B9BC863E2807B6886760480083E51BA8A66118659F4FF274E7B73944D2219F5 ] C:\WINDOWS\system32\cmd.exe
21:13:16.0864 0x0ef4 Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 - ok
21:13:16.0957 0x0ef4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
21:13:16.0973 0x0ef4 AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.3.6.0 ), 0x51000 ( enabled : updated )
21:13:16.0989 0x0ef4 Win FW state via NFP2: enabled
21:13:16.0989 0x0ef4 ============================================================
21:13:16.0989 0x0ef4 Scan finished
21:13:16.0989 0x0ef4 ============================================================
21:13:16.0989 0x01c0 Detected object count: 7
21:13:16.0989 0x01c0 Actual detected object count: 7
21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:11.0748 0x149c Deinitialize success
Ich habe die Sachen schon vor einigen Monaten runtergeladen (ich habe eine originale Windows 8 Kopie) und dachten die wären harmlose Adware, weil ich früher nie Probleme am Rechner gehabt habe. Der Rechner ist etwa ein halbes Jahr alt. Soll ich diese entfernen? Und ist er möglich, dass diese Dateien andere Dateien infiziert haben? P.S.: Ich mache mir da auch Sorgen um mdm.exe. Habe gerade auf meinem Rechner nachgeschlagen, und da steht als Änderungsdatum 26.10.2006. Das ist aber totaler Unsinn, weil ich den Rechner samt OS erst Anfang 2014 gekauft habe. Folgende Dateien sind mit dem Datum 26.10.2006 versehen: mdm.exe msdbg2.dll pdm.dll vs7jit Oder: C:\Program Files (x86)\Common Files\ Microsoft Shared\ VS/DEBUG\ |
|
21.08.2014, 17:02
| #7 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Das ist kein Crack für WIndows, sondern für Office. Den Kram entfernen, inklusive allem von Office.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.08.2014, 17:09
| #9 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.08.2014, 18:58
| #10 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hallo schrauber, hier das mbam log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.08.2014 Suchlauf-Zeit: 19:07:57 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.22.07 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: XXXXX Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 325842 Verstrichene Zeit: 12 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) adwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 22/08/2014 um 19:40:16
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : XXXXX - XXXXX
# Gestartet von : C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\prefs.js ]
-\\ Google Chrome v36.0.1985.143
[ Datei : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1101 octets] - [22/08/2014 19:31:32]
AdwCleaner[S0].txt - [1023 octets] - [22/08/2014 19:40:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1083 octets] ##########
[/CODE] Und zum guten Letzt JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by XXXXX on 22.08.2014 at 19:48:08,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\2izpmsgo.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2014 at 19:53:13,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
23.08.2014, 16:32
| #11 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff VerweigertESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.08.2014, 22:15
| #12 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hi Schrauber, hab bei der Durchführung von ESET einen kleinen Fehler gemacht, indem ich nur den Sophos AV Scan deaktiviert habe. Es liefen auch SuperAntiSypware und PrevX 3.0 auf dem Rechner. Also musste ich mitten im ESET Scan abbrechen. Ich habe versucht diese zu deaktivieren, by PrevX hat es irgendwie nicht geklappt und der Laptop zeigte mir wieder diese "Zugriff verweigert" Nachricht, als ich versucht habe PrevX mit TaskManager zu beenden. Ich habe es jetzt einfach deinstalliert, war eh nicht mein primärer AV-Software. Ich habe wieder einen ESET Scan gestartet, das wird aber wohl etwas dauern. Ich poste sobald es Neuigkeiten gibt. Was meinst du, warum wird mir dieses "zugriff verweigert" gezeigt (passiert nur bei PrevX)? Bis später. --------------------------------------------------------------------------------------------------------------------------------- So nach vier langen Stunden hier die ESET und FRST log files. SecurityCheck hat bei mir nicht funktioniert. Bei der Installation bekam ich die Meldung, dass die Datei beschädigt ist. Plus, Sophos hat bei SecurityCheck Adware erkannt. Dann habe ich den Vorgang einfach abgebrochen und das Ding gelöscht. Übrigens wurde ein HackKMS von ESET erkannt, obwohl ich alles wie versprochen entfernt hatte. ESET Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=af9787f0a3d5bc43834905b060283513
# engine=19805
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-23 08:43:44
# local_time=2014-08-23 10:43:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7706430 33707917 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 98 299089 29404967 0 0
# scanned=712632
# found=1
# cleaned=1
# scan_time=8438
sh=66C72019EAFA41BBF3E708CC3824C7C4447BDAB6 ft=1 fh=0a46a8abafa4da1b vn="Win64/HackKMS.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\SECOH-QAD.exe"
FRST Log FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by XXXXX (administrator) on XXXXX on 23-08-2014 23:02:00
Running from C:\Users\XXXXX\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Atheros Communications))
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1
FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 MultiKMS; C:\Windows\MultiKMS\MultiKMS.exe [1485824 2014-04-07] () [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]
S2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 pxkbf; System32\drivers\pxkbf.sys [X]
R1 pxrts; System32\drivers\pxrts.sys [X]
R0 pxscan; System32\drivers\pxscan.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 18:00 - 2014-08-23 17:50 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-22 19:53 - 2014-08-22 19:53 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:47 - 2014-08-22 19:34 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:44 - 2014-08-22 19:40 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
2014-08-22 19:31 - 2014-08-22 19:43 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:22 - 2014-08-23 11:33 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-22 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 20:05 - 2004-01-16 20:57 - 302548481 ____R (InstallShield Software Corporation) C:\Users\XXXXX\Desktop\cs16full_v4+zbot.exe
2014-08-21 17:18 - 2014-08-21 18:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:17 - 2014-08-23 22:59 - 00036877 _____ () C:\Users\XXXXX\Desktop\Addition.txt
2014-08-19 17:16 - 2014-08-23 23:02 - 00018985 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-19 17:16 - 2014-08-23 23:02 - 00000000 ____D () C:\FRST
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable
2014-08-19 17:14 - 2014-08-23 22:58 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-08-18 19:39 - 2014-08-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 17:02 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-23 19:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 21:34 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll-153968
2014-08-14 18:56 - 2014-08-23 20:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:56 - 2014-08-15 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 18:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-23 23:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 17:55 - 2014-08-23 20:22 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 17:55 - 2014-08-23 20:21 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 23:02 - 2014-08-19 17:16 - 00018985 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-23 23:02 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-23 23:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-23 22:59 - 2014-08-19 17:17 - 00036877 _____ () C:\Users\XXXXX\Desktop\Addition.txt
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 22:58 - 2014-08-19 17:14 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-23 22:47 - 2014-02-12 22:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002
2014-08-23 22:40 - 2014-02-12 20:59 - 01707738 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-23 20:27 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2014-08-23 20:25 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-23 20:24 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-23 20:24 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-23 20:24 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-23 20:22 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-23 20:21 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 20:18 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job
2014-08-23 20:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-23 20:15 - 2014-02-12 16:28 - 17681592 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-23 20:10 - 2014-08-14 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 20:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-23 19:02 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-23 17:50 - 2014-08-23 18:00 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-23 11:33 - 2014-08-22 19:22 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:53 - 2014-08-22 19:53 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:43 - 2014-08-22 19:31 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:41 - 2013-11-14 00:18 - 00055154 _____ () C:\WINDOWS\PFRO.log
2014-08-22 19:41 - 2013-08-22 16:44 - 05039384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-22 19:40 - 2014-08-22 19:44 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
2014-08-22 19:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-22 19:34 - 2014-08-22 19:47 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 15:30 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
2014-08-22 15:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-21 20:25 - 2014-01-15 01:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 20:06 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-08-21 20:06 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-08-21 20:06 - 2013-08-22 06:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-08-21 20:06 - 2013-08-22 06:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-08-21 20:06 - 2013-08-22 05:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-08-21 20:06 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-21 18:20 - 2014-08-21 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-21 18:11 - 2014-04-07 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:10 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 18:10 - 2013-11-14 09:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-08-21 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-21 18:05 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-08-21 17:25 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:31 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-19 17:31 - 2014-02-20 14:25 - 557322577 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable
2014-08-19 17:15 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:42 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll-153968
2014-08-15 17:36 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA
2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag
2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2014-08-14 20:15 - 2013-08-22 16:46 - 00345788 _____ () C:\WINDOWS\setupact.log
2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone
2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
2014-08-12 17:42 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-10 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:33 - 2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-18 17:02 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-25 16:52 - 2014-08-17 21:45 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-17 21:45 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-17 21:45 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-17 21:45 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-17 21:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-17 21:45 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-17 21:45 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-17 21:45 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-17 21:45 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-17 21:45 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-17 21:45 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 21:45 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-17 21:45 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-17 21:45 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-17 21:45 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-17 21:45 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-17 21:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-17 21:45 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-17 21:45 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 21:45 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-17 21:45 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-17 21:45 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-17 21:45 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-17 21:45 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-17 21:45 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-17 21:45 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 21:45 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-17 21:45 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\pvxinst156.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst437.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst687.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-23 14:34
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Und hier das Addtional File log FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by XXXXX at 2014-08-23 23:02:23
Running from C:\Users\XXXXX\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
17-08-2014 22:42:09 Windows Update
21-08-2014 16:04:13 Removed Microsoft Office Professional Plus 2013
21-08-2014 16:04:43 PROPLUSR
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {60D17526-A49A-44DB-A55E-9AC4D2088695} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {856CBA86-7346-4CF9-BDFF-AF610CDEDAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {C902A460-3762-45EF-834B-64745252B39A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
==================== Loaded Modules (whitelisted) =============
2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-16 03:46 - 2013-05-16 03:46 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-16 03:43 - 2013-05-16 03:43 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-16 04:09 - 2013-05-16 04:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-18 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-18 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-18 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (08/23/2014 10:53:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1714
Startzeit: 01cfbefeca278d6f
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: beb85c71-2af2-11e4-bee1-40f02fd150c4
Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoCompanion_2.0.40.0_x86__k1h2ywk1493x8
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1700
Startzeit: 01cfbefeca2065b9
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: beb83561-2af2-11e4-bee1-40f02fd150c4
Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (08/23/2014 08:19:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (08/23/2014 08:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (08/23/2014 08:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prevx.exe, Version: 3.0.5.220, Zeitstempel: 0x4cee8953
Name des fehlerhaften Moduls: prevx.exe, Version: 3.0.5.220, Zeitstempel: 0x4cee8953
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c14e2
ID des fehlerhaften Prozesses: 0x890
Startzeit der fehlerhaften Anwendung: 0xprevx.exe0
Pfad der fehlerhaften Anwendung: prevx.exe1
Pfad des fehlerhaften Moduls: prevx.exe2
Berichtskennung: prevx.exe3
Vollständiger Name des fehlerhaften Pakets: prevx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prevx.exe5
Error: (08/23/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCClient.exe, Version: 10.3.6.88, Zeitstempel: 0x52a75e85
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000007557d2f7
ID des fehlerhaften Prozesses: 0xb3c
Startzeit der fehlerhaften Anwendung: 0xWSCClient.exe0
Pfad der fehlerhaften Anwendung: WSCClient.exe1
Pfad des fehlerhaften Moduls: WSCClient.exe2
Berichtskennung: WSCClient.exe3
Vollständiger Name des fehlerhaften Pakets: WSCClient.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSCClient.exe5
Error: (08/23/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prevx.exe, Version: 3.0.5.220, Zeitstempel: 0x4cee8953
Name des fehlerhaften Moduls: prevx.exe, Version: 3.0.5.220, Zeitstempel: 0x4cee8953
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c14e2
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xprevx.exe0
Pfad der fehlerhaften Anwendung: prevx.exe1
Pfad des fehlerhaften Moduls: prevx.exe2
Berichtskennung: prevx.exe3
Vollständiger Name des fehlerhaften Pakets: prevx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prevx.exe5
System errors:
=============
Error: (08/23/2014 10:47:43 PM) (Source: DCOM) (EventID: 10010) (User: XXXXX)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (08/23/2014 10:47:13 PM) (Source: DCOM) (EventID: 10010) (User: XXXXX)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (08/23/2014 08:15:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "CSIScanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/23/2014 07:28:57 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/23/2014 06:02:00 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/23/2014 06:01:30 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/23/2014 05:58:51 PM) (Source: DCOM) (EventID: 10010) (User: XXXXX)
Description: {BBA960BE-6A97-4996-9ECB-AA313BEBF37A}
Error: (08/23/2014 05:57:37 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Sophos Anti-Virus" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (08/23/2014 05:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sophos Anti-Virus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/23/2014 05:57:37 PM) (Source: SAVOnAccess) (EventID: 37) (User: )
Description: Treiber-Threads sind beim Herunterfahren des Threads noch aktiv.
Microsoft Office Sessions:
=========================
Error: (08/23/2014 10:53:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384171401cfbefeca278d6f4294967295C:\WINDOWS\syswow64\backgroundTaskHost.exebeb85c71-2af2-11e4-bee1-40f02fd150c4E046963F.LenovoCompanion_2.0.40.0_x86__k1h2ywk1493x8App
Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384170001cfbefeca2065b94294967295C:\WINDOWS\syswow64\backgroundTaskHost.exebeb83561-2af2-11e4-bee1-40f02fd150c4E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8App
Error: (08/23/2014 08:19:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
Error: (08/23/2014 08:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
Error: (08/23/2014 08:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: prevx.exe3.0.5.2204cee8953prevx.exe3.0.5.2204cee8953c000000500000000000c14e289001cfbefd65ee450fC:\Program Files\Prevx\prevx.exeC:\Program Files\Prevx\prevx.exe851cb14f-2af1-11e4-bee0-40f02fd150c4
Error: (08/23/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSCClient.exe10.3.6.8852a75e85unknown0.0.0.000000000c0000005000000007557d2f7b3c01cfbefd41a93badC:\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exeunknown7f6d9e99-2af0-11e4-bedf-40f02fd150c4
Error: (08/23/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: prevx.exe3.0.5.2204cee8953prevx.exe3.0.5.2204cee8953c000000500000000000c14e277401cfbe305a64bcb3C:\Program Files\Prevx\prevx.exeC:\Program Files\Prevx\prevx.exe7f42b4e8-2af0-11e4-bedf-40f02fd150c4
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3993.77 MB
Available physical RAM: 2408.09 MB
Total Pagefile: 12185.77 MB
Available Pagefile: 10542.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:807.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
24.08.2014, 07:00
| #13 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Bestehen jetzt aktuell noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.08.2014, 10:23
| #14 |
| | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Hey, gerade merke ich nicht Auffälliges. Hoffentlich passiert da nichts. Gab es überhaupt Zeichen von einem Rootkit (von wegen unknown MBR code)? Und was hätte der Grund für diese "Zugriff verweigert"-Nachricht sein können? Geändert von Newbie101 (24.08.2014 um 10:28 Uhr) Grund: Frage ergänzt |
|
24.08.2014, 10:29
| #15 |
| /// the machine /// TB-Ausbilder | Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert Win8.1 und GMER sind keine Freunde. Da ist aber nix im MBR.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert |
| browser, excel, failed, feedback, fehler, firefox, flash player, google, iexplore, installation, kaspersky, kmspico, langsam, log-datei, mozilla, prozess, realtek, registry, required, rootkit, safer networking, security, software, starten, svchost.exe, system, taskmanager, unknown mbr, virus, win8.1, windows, zugriff verweigert |
Linear-Darstellung
