| |
| |||||||
Log-Analyse und Auswertung: Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.09.2014, 10:30
| #1 |
 |  Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Gute Freunde haben mir ihr Lenovo Notebook vorbeigebracht weil sie eine Email mit Anhang (siehe Titel) geöffnet haben. Aus Angst vor Virenbefall steht das Notebook jetzt bei mir. Beim Nachbohren stellte sich heraus, das der Rechner wohl schon länger etwas "lahmt". Darum Bin ich hier, bevor ich da lange rumdoktor, gleich zu den Profis. Bei GMER hatte ich zunächst Probleme, da der Arbeitsspeicher nicht ausreichte. Ich habe so viele "Gadgets" wie möglich die mit Win starteten beendet und dann gings. Hier die Logfiles: FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by wilbet (administrator) on WILBET-MOBIL on 04-09-2014 11:55:58
Running from C:\Users\wilbet\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Conexant) C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Roxio) C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Lenovo) C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PM Driver\PMHandler.exe [34352 2007-10-12] (Lenovo)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2701880 2008-07-21] (Conexant)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [1116920 2007-03-13] (Roxio)
HKLM\...\Run: [CameraApplicationLauncher] => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2008-10-07] ()
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [458752 2009-03-06] (LENOVO)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-08-07] (Lenovo)
HKLM\...\Run: [ACWlIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-08-07] (Lenovo)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [1904640 2009-05-07] (AVM Berlin)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\MountPoints2: D - D:\pushinst.exe
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\MountPoints2: F - F:\pushinst.exe
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\MountPoints2: {65d94efe-e5bf-11de-b047-001eec9b219c} - F:\pushinst.exe
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\MountPoints2: {a710f6d7-b308-11dd-801d-001eec9b219c} - S:\LenovoSDrive.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=311&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.gmx.net/home
hxxp://www.google.de/
hxxp://www.lenovo.com/de/de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
SearchScopes: HKCU - {1F87460D-D3DF-4878-B02C-16F1FBE45B71} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=691E574D-0B86-47B9-9EA7-EF5ED305517E&apn_sauid=9848B86C-A666-4922-87F3-E0F2C4DD4266
SearchScopes: HKCU - {2C0D2B19-14BA-4274-9C99-D14BBBA408E0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A0FC47B-D436-44F2-966D-3527C3119C02} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {77D9BD89-FB4A-4BA1-A9B5-C01CDD5EE929} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {8C5617BE-4D4C-4FB0-9A4E-EAF13C661457} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=11471&tm=311&src=ds&p={searchTerms}
SearchScopes: HKCU - {BDBB7E66-E88F-4F58-87F9-9CE89A95E7E2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {E1996CFE-053B-40AC-BB8B-641B52EB7572} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {F538D86D-F658-4EFD-90F9-19262D5AE149} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - GMX Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - GMX Toolbar - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
FireFox:
========
FF ProfilePath: C:\Users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-11]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR CustomProfile: C:\Users\wilbet\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-05-07] (AVM Berlin) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [522792 2008-08-26] (Broadcom Corporation.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel(R) Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [53325 2008-08-08] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 vToolbarUpdater11.0.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-05-07] (AVM Berlin) [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-08-20] (COMPAL ELECTRONIC INC.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2008-11-15] (Lenovo) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 11:55 - 2014-09-04 11:56 - 00023205 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:49 - 2014-09-04 11:56 - 00000000 ____D () C:\FRST
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 18:47 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 18:47 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 13:37 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:37 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 13:37 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 11:53 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 11:52 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 11:47 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 11:47 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 11:47 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 11:47 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 11:47 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:47 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 11:46 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 11:46 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 11:46 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 11:46 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 11:46 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 11:46 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 11:46 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 11:46 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software
2014-08-05 13:24 - 2014-08-05 13:24 - 00000354 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 13:24 - 2013-10-08 08:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-05 13:24 - 2013-10-08 08:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 13:24 - 2013-10-08 08:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-05 13:24 - 2013-10-08 08:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 11:56 - 2014-09-04 11:55 - 00023205 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-04 11:56 - 2014-09-04 11:49 - 00000000 ____D () C:\FRST
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:53 - 2012-04-10 18:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 11:51 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 11:51 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 11:49 - 2008-11-15 05:22 - 01937677 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 11:49 - 2008-04-16 15:45 - 01714928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-09-04 11:42 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 05:29 - 2008-11-15 05:23 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-01 05:29 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-01 05:04 - 2008-12-25 12:02 - 00000256 _____ () C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2014-08-31 20:30 - 2009-12-27 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 20:15 - 2008-12-31 17:19 - 00000000 ____D () C:\Users\wilbet\AppData\Roaming\ZoomBrowser EX
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 19:57 - 2006-11-02 14:47 - 00442248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 19:18 - 2013-10-04 19:16 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-08-29 18:46 - 2008-11-15 05:51 - 00000000 ____D () C:\Program Files\Java
2014-08-23 03:03 - 2014-08-29 18:47 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 18:47 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 17:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 16:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 15:44 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 13:43 - 2012-04-10 18:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 13:43 - 2011-05-22 11:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 11:58 - 2013-08-02 19:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 11:55 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:28 - 2013-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 11:28 - 2012-11-04 16:08 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:28 - 2012-03-13 14:55 - 00000000 ____D () C:\ProgramData\Avira
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:55 - 2008-12-31 17:08 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software
2014-08-10 15:49 - 2008-12-25 12:01 - 00000000 ____D () C:\Users\wilbet
2014-08-06 11:08 - 2008-12-29 17:25 - 00002605 _____ () C:\Users\wilbet\Desktop\Microsoft Word.lnk
2014-08-06 10:10 - 2008-01-21 04:47 - 00504680 _____ () C:\Windows\PFRO.log
2014-08-05 13:24 - 2014-08-05 13:24 - 00000354 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 12:17 - 2014-06-21 20:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-05 09:20 - 2009-12-10 21:42 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\wilbet\AppData\Local\Temp\avgnt.exe
C:\Users\wilbet\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-04 11:49
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by wilbet at 2014-09-04 11:56:29
Running from C:\Users\wilbet\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.13.00 - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{9EC9754D-CA34-4293-B5DB-3BD245A88A43}) (Version: 1.5.42.1190 - ArcSoft)
ArcSoft MediaImpression 2 (HKLM\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.52.12 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.27 - Lenovo)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.2.0.5 - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.2.6 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Digital Photo Professional 2.2 (HKLM\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.55.0.0 - Conexant)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version: - )
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
EDEKA Foto (HKLM\...\EDEKA Foto) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 2.00 - )
ERROR:unable to read certificate file (Version: 10.1.177 - Roxio) Hidden
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Firefox 3.6 GMX Edition (Version: 1.6 - GMX) Hidden
Free YouTube Download version 3.2.2.430 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x86 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1268 - InterVideo Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.5100 - Lenovo.)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 2.10 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.0701.01 - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor 5 für Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.2 - Lenovo)
PM Driver (Version: 0.64.0.2 - Lenovo) Hidden
Power Ux Customization (Version: 1.00.0000 - Lenovo) Hidden
Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.0.0022.00 - Lenovo Group Limited)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Ski Racing 2006 (HKLM\...\{97DDA53A-8346-467A-880C-655E847CC7D3}) (Version: 1.0.0 - JoWooD)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0024 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.02 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{AF70B943-5081-4BD8-88F2-75637FD34364}) (Version: 1.1.0026 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.21 - ) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Wallpapers (Version: - ) Hidden
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0130 - Microsoft Corporation)
Windows Live Toolbar (Version: 03.01.0130 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2305096267-3803267540-2786178057-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
==================== Restore Points =========================
17-08-2014 12:16:50 Windows Update
17-08-2014 12:48:12 Windows Update
29-08-2014 16:37:32 Windows Update
29-08-2014 16:45:05 Removed Java(TM) 6 Update 7
29-08-2014 16:47:02 Windows Update
31-08-2014 23:38:59 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0F7D30C3-4A5D-4BAE-A281-B97CF9298864} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {18D71246-626B-4FB4-9618-F180109F649B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {190A0345-389D-4138-81FE-EBE1256869A4} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {1B7ED24A-DE96-4245-BED5-0E8FF57F4626} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {21B10927-3D62-49FF-9610-10E0DCC9E447} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {23A7C5B8-EECE-493B-9F5F-21C530CEFFAA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - wilbet => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56FE3F50-EAC8-4D78-A649-51D4BE895C8E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6A6B1FEF-BA3C-44DC-B512-3F51B12E9FAD} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-31] ( ) <==== ATTENTION
Task: {6A7181B8-E69F-4E5C-80A0-3AFC6E2E870F} - System32\Tasks\OpenCandyHelperRunOnceFC1794B1622C4497B86974E008DEBFAF => C:\Users\wilbet\AppData\Roaming\OpenCandy\BBF507B2348E405786A11F859E502354\OCBrowserHelper_1.0.6.125.exe
Task: {6B7736C4-DE16-4C9A-A71D-C3AE0AE2670C} - System32\Tasks\OpenCandyHelperRunOnceC91E86EB5F384596AC5F1DB8B6959092 => C:\Users\wilbet\AppData\Roaming\OpenCandy\0E6BC8CBEFBE43EBA03D248497A47DA6\OCBrowserHelper_1.0.6.125.exe
Task: {A7725A42-AF1B-436F-BA51-6218375112D2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B635F47A-6E1D-4783-8957-71C3E4FCFF4A} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {C4018C94-03F5-448A-9969-18CFB9581D7A} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12] (Microsoft Corporation)
Task: {D83C11A3-3889-4B9C-999E-7C1527BC1EBF} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {DEF54A60-1C6D-4F64-B9C0-4C822BF89510} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
==================== Loaded Modules (whitelisted) =============
2008-04-30 20:13 - 2008-04-30 20:13 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-08-26 13:48 - 2008-08-26 13:48 - 00126976 ____N () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2008-11-15 05:49 - 2007-06-18 17:28 - 00056056 ____N () C:\Windows\system32\DLAAPI_W.DLL
2008-05-24 17:17 - 2008-05-24 17:17 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-24 17:03 - 2008-05-24 17:03 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2006-05-24 14:33 - 2006-05-24 14:33 - 00024576 ____N () C:\Program Files\Lenovo\PM Driver\PMHlerIO.dll
2008-09-28 19:18 - 2008-09-28 19:18 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2014-08-15 11:28 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\wilbet\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00028672 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00020480 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00024576 ____N () C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00007680 ____N () C:\Program Files\Lenovo\Camera Center\bin\de\LocalizationWrapper.resources.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (09/04/2014 11:47:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:46:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:44:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:43:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2014 07:33:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:33:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:32:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:31:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2014 03:07:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 03:05:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
System errors:
=============
Error: (09/04/2014 11:52:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
Error: (09/04/2014 11:51:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wlansvc
Error: (09/04/2014 11:51:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain
Error: (09/04/2014 11:50:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks
Error: (09/04/2014 11:49:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000EMDMgmt
Error: (09/04/2014 11:49:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks
Error: (09/04/2014 11:48:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000AudioEndpointBuilder
Error: (09/04/2014 11:48:15 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (09/04/2014 11:48:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Avira Service Host3
Error: (09/04/2014 11:48:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000AudioEndpointBuilder
Microsoft Office Sessions:
=========================
Error: (09/04/2014 11:47:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:46:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:44:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (09/04/2014 11:43:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2014 07:33:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:33:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:32:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 07:31:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2014 03:07:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (08/31/2014 03:05:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
CodeIntegrity Errors:
===================================
Date: 2013-08-12 15:10:24.290
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:10:23.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:04:23.691
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:04:23.221
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:58:11.775
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:58:11.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:30.780
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:30.302
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:24.509
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:24.064
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3031.65 MB
Available physical RAM: 1741.01 MB
Total Pagefile: 6265.56 MB
Available Pagefile: 4865.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.75 MB
==================== Drives ================================
Drive c: (SW_Preload) (Fixed) (Total:286.86 GB) (Free:202.67 GB) NTFS
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.01 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 34ECC3B1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-05 11:25:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\wilbet\AppData\Local\Temp\kwrcqpow.sys
---- System - GMER 2.1 ----
SSDT 8CDB53DE ZwCreateSection
SSDT 8CDB53E8 ZwRequestWaitReplyPort
SSDT 8CDB53E3 ZwSetContextThread
SSDT 8CDB53ED ZwSetSecurityObject
SSDT 8CDB53F2 ZwSystemDebugControl
SSDT 8CDB537F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822F8860 4 Bytes [DE, 53, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 822F8B84 4 Bytes [E8, 53, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 822F8BB8 4 Bytes [E3, 53, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822F8C1C 4 Bytes [ED, 53, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 822F8C64 4 Bytes [F2, 53, DB, 8C]
.text ...
---- Devices - GMER 2.1 ----
Device \Driver\BTHUSB \Device\0000009c bthport.sys
Device \Driver\BTHUSB \Device\0000009c bthport.sys
Device \Driver\BTHUSB \Device\0000009a bthport.sys
Device \Driver\BTHUSB \Device\0000009a bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269f27ad0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269f27ad0 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Vielen Dank für eure Hilfe. Loki
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
05.09.2014, 10:35
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
06.09.2014, 11:14
| #3 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Hi Cosinus,
__________________Nein es gibt keine logs. Die haben mir voller Panik auf die Mailbox gequatscht und mich um Hilfe gebeten. Und da eine der Regeln besagt, nichts auf eigene Faust unternehmen, habe ich so wie ich das Gerät bekommen habe FRST und GMER laufen lassen und hier gepostet. Sollten die Beiden etwa Glück gehabt haben und nur eine Phishing Mail gelesen haben statt einen Virus Anhang "aktiviert" zu haben!?^^ Dann ist die Kiste "nur" zugemüllt und ich muss da ein wenig aufräumen, aber das ist dann ja nicht mehr Sache des TBoards... Gruß Loki
__________________ |
|
06.09.2014, 17:34
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.09.2014, 19:38
| #5 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet So hier das ComboFix Log: Code:
ATTFilter ComboFix 14-09-05.01 - wilbet 06.09.2014 20:15:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3032.1906 [GMT 2:00]
ausgeführt von:: c:\users\wilbet\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DragToDiscUserNameE.txt
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\wilbet\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msvcr71.dll
c:\windows\system32\Thumbs.db
c:\windows\wininit.ini
Q:\Autorun.inf
S:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\kernel32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.23323_none_961b47b06c9d0ce7\kernel32.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-06 bis 2014-09-06 ))))))))))))))))))))))))))))))
.
.
2014-09-06 18:22 . 2014-09-06 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-04 09:49 . 2014-09-04 09:56 -------- d-----w- C:\FRST
2014-08-31 17:51 . 2014-08-31 17:51 -------- d-----w- c:\users\wilbet\AppData\Local\Adobe
2014-08-29 16:47 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 16:47 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 16:38 . 2014-08-21 09:24 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCE4ECAA-C27A-4A00-9F6C-2EB2A258B92C}\mpengine.dll
2014-08-15 11:37 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-15 11:37 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-15 11:37 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 11:37 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-15 11:37 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-15 09:53 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 09:53 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 09:53 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 09:52 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 09:27 . 2014-08-15 09:27 -------- d-----w- c:\programdata\Package Cache
2014-08-10 13:49 . 2014-08-10 13:49 -------- d-----w- c:\users\wilbet\Bluetooth Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 11:43 . 2012-04-10 16:00 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-15 11:43 . 2011-05-22 09:25 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-05 07:20 . 2009-12-10 19:42 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-03 16:51 . 2012-11-04 14:08 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-21 17:15 . 2012-11-04 14:08 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-10-12 34352]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-10-07 16384]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-03-06 458752]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2305096267-3803267540-2786178057-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 11:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=11471&tm=311&src=hmp
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\GMX Toolbar\IE\uitb.dll
FF - ProfilePath - c:\users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6} - c:\programdata\{B8D53BEA-6377-4E04-8901-F6960C01E454}\Firefox-3.6-GMX-Edition.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-09-06 20:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6032)
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\PM Driver\PMHandler.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-06 20:31:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-09-06 18:31
.
Vor Suchlauf: 14 Verzeichnis(se), 209.905.729.536 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 209.521.627.136 Bytes frei
.
- - End Of File - - D30903BED3AF7803B39359AF35F96A60
2837EFC7A6F32E461756B99F9CBF5EAD
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
06.09.2014, 19:39
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Da müssen wir mal nachkontrollieren: Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet |
|
06.09.2014, 20:08
| #7 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Hier das TDSS Log: Code:
ATTFilter 21:01:58.0351 0x0318 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:02:06.0120 0x0318 ============================================================
21:02:06.0120 0x0318 Current date / time: 2014/09/06 21:02:06.0120
21:02:06.0120 0x0318 SystemInfo:
21:02:06.0120 0x0318
21:02:06.0120 0x0318 OS Version: 6.0.6002 ServicePack: 2.0
21:02:06.0120 0x0318 Product type: Workstation
21:02:06.0120 0x0318 ComputerName: WILBET-MOBIL
21:02:06.0120 0x0318 UserName: wilbet
21:02:06.0120 0x0318 Windows directory: C:\Windows
21:02:06.0120 0x0318 System windows directory: C:\Windows
21:02:06.0120 0x0318 Processor architecture: Intel x86
21:02:06.0120 0x0318 Number of processors: 2
21:02:06.0120 0x0318 Page size: 0x1000
21:02:06.0120 0x0318 Boot type: Normal boot
21:02:06.0120 0x0318 ============================================================
21:02:07.0602 0x0318 KLMD registered as C:\Windows\system32\drivers\38111310.sys
21:02:07.0758 0x0318 System UUID: {A5A0E4FB-2EC2-44AC-1215-5331D5898808}
21:02:08.0444 0x0318 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:02:08.0460 0x0318 ============================================================
21:02:08.0460 0x0318 \Device\Harddisk0\DR0:
21:02:08.0460 0x0318 MBR partitions:
21:02:08.0460 0x0318 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:02:08.0460 0x0318 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23DB77F8
21:02:08.0460 0x0318 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
21:02:08.0460 0x0318 ============================================================
21:02:08.0475 0x0318 C: <-> \Device\Harddisk0\DR0\Partition2
21:02:08.0506 0x0318 S: <-> \Device\Harddisk0\DR0\Partition1
21:02:08.0569 0x0318 Q: <-> \Device\Harddisk0\DR0\Partition3
21:02:08.0569 0x0318 ============================================================
21:02:08.0569 0x0318 Initialize success
21:02:08.0569 0x0318 ============================================================
21:02:55.0509 0x1018 ============================================================
21:02:55.0509 0x1018 Scan started
21:02:55.0509 0x1018 Mode: Manual; SigCheck; TDLFS;
21:02:55.0509 0x1018 ============================================================
21:02:55.0509 0x1018 KSN ping started
21:02:55.0556 0x1018 KSN ping finished: false
21:02:56.0024 0x1018 ================ Scan system memory ========================
21:02:56.0024 0x1018 System memory - ok
21:02:56.0024 0x1018 ================ Scan services =============================
21:02:56.0180 0x1018 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:02:56.0289 0x1018 ACDaemon - ok
21:02:56.0523 0x1018 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:02:56.0539 0x1018 ACPI - ok
21:02:56.0617 0x1018 [ A125765807A56B6323635CDDC5EF0770, E0421EA7DA37DF281B3C528F1F30F49D14C6DF0B7FE12C3BA1E78C1B53D9F6DF ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:02:56.0632 0x1018 AcPrfMgrSvc - ok
21:02:56.0648 0x1018 [ 977457D42BC46E46D1FEA8D375685DE9, 07722201AA3979CE7170EEA2D7B4AFF5EC87AA1C502A3AF3AF4F9A92384BC769 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
21:02:56.0664 0x1018 AcSvc - ok
21:02:56.0726 0x1018 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:02:56.0742 0x1018 AdobeARMservice - ok
21:02:56.0804 0x1018 [ F4BF3ADDDDC1AD372604F13C2B0C1F65, FA37ED5014336A72F778C485226B61BEFECEB861AB754862738795C167F0BAB7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:02:56.0820 0x1018 AdobeFlashPlayerUpdateSvc - ok
21:02:56.0866 0x1018 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:02:56.0929 0x1018 adp94xx - ok
21:02:57.0007 0x1018 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:02:57.0022 0x1018 adpahci - ok
21:02:57.0054 0x1018 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:02:57.0069 0x1018 adpu160m - ok
21:02:57.0100 0x1018 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:02:57.0116 0x1018 adpu320 - ok
21:02:57.0147 0x1018 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:02:57.0194 0x1018 AeLookupSvc - ok
21:02:57.0225 0x1018 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc C:\Windows\system32\drivers\Afc.sys
21:02:57.0256 0x1018 Afc - ok
21:02:57.0288 0x1018 [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD C:\Windows\system32\drivers\afd.sys
21:02:57.0319 0x1018 AFD - ok
21:02:57.0350 0x1018 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:02:57.0366 0x1018 agp440 - ok
21:02:57.0397 0x1018 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:02:57.0412 0x1018 aic78xx - ok
21:02:57.0428 0x1018 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
21:02:57.0475 0x1018 ALG - ok
21:02:57.0506 0x1018 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
21:02:57.0522 0x1018 aliide - ok
21:02:57.0537 0x1018 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:02:57.0553 0x1018 amdagp - ok
21:02:57.0568 0x1018 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
21:02:57.0584 0x1018 amdide - ok
21:02:57.0600 0x1018 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:02:57.0646 0x1018 AmdK7 - ok
21:02:57.0662 0x1018 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:02:57.0693 0x1018 AmdK8 - ok
21:02:57.0802 0x1018 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:02:57.0834 0x1018 AntiVirSchedulerService - ok
21:02:57.0943 0x1018 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:02:57.0990 0x1018 AntiVirService - ok
21:02:58.0068 0x1018 [ 8275A6F8857CB98F72CBAF75770E9E10, B945A8937E95269A84C4B0EA0E202EE564B457E32DE239DCCDF9F14D9CC204C7 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:02:58.0208 0x1018 AntiVirWebService - ok
21:02:58.0270 0x1018 [ 0F83CB9BCB247869BCAD28026B8F134B, 3C44950C4714DDB16E397B5C8937129771BC3DB2B432FB01A5CA15297EAD28FA ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:02:58.0286 0x1018 ApfiltrService - ok
21:02:58.0348 0x1018 [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo C:\Windows\System32\appinfo.dll
21:02:58.0380 0x1018 Appinfo - ok
21:02:58.0473 0x1018 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
21:02:58.0489 0x1018 arc - ok
21:02:58.0504 0x1018 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:02:58.0520 0x1018 arcsas - ok
21:02:58.0645 0x1018 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:02:58.0660 0x1018 aspnet_state - ok
21:02:58.0707 0x1018 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:02:58.0738 0x1018 AsyncMac - ok
21:02:58.0785 0x1018 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
21:02:58.0801 0x1018 atapi - ok
21:02:58.0832 0x1018 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:02:58.0863 0x1018 AudioEndpointBuilder - ok
21:02:58.0894 0x1018 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:02:58.0926 0x1018 Audiosrv - ok
21:02:58.0972 0x1018 [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:02:59.0004 0x1018 avgntflt - ok
21:02:59.0035 0x1018 [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:02:59.0050 0x1018 avipbb - ok
21:02:59.0097 0x1018 [ B127AC7651D0C088E4A239EED92F8AF8, 2958F81C06C46E147E8022F3B7E9C26F1D47C729ADD336D68DCCFEB363CB09FF ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
21:02:59.0113 0x1018 Avira.OE.ServiceHost - ok
21:02:59.0144 0x1018 [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:02:59.0160 0x1018 avkmgr - ok
21:02:59.0253 0x1018 [ D1A9AE485FFF7C72CA50D8949B2210B9, 937E02439519E3837DBEFE3D17123104BA5B1636E7AC322B634DC135B3024B50 ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
21:02:59.0300 0x1018 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
21:02:59.0394 0x1018 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
21:02:59.0394 0x1018 Force sending object to P2P due to detect: AVM WLAN Connection Service
21:02:59.0394 0x1018 Object send P2P result: false
21:02:59.0456 0x1018 [ 263CF9D248FD5E020A1333ED4F7EAA88, 04F944C2B284172A7917389A83C525FA9A3ACB026F370EB886B48759FE81A5E1 ] avmeject C:\Windows\system32\drivers\avmeject.sys
21:02:59.0487 0x1018 avmeject - detected UnsignedFile.Multi.Generic ( 1 )
21:02:59.0487 0x1018 avmeject ( UnsignedFile.Multi.Generic ) - warning
21:02:59.0487 0x1018 Force sending object to P2P due to detect: avmeject
21:02:59.0487 0x1018 Object send P2P result: false
21:02:59.0550 0x1018 [ F17463EDDB3B6A988F939FF403E067C3, 77B2CB22F622D5D753E1FA1E9609170526CBDD738F298DE9B6342D2CEB2CA1BA ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:02:59.0596 0x1018 b57nd60x - ok
21:02:59.0674 0x1018 [ 6163664C7E9CD110AF70180C126C3FDC, 9A801295CDE2BDE4EE0E96C610E4C01F6915DBDA2104D0E8873AFF1BC34A0FA1 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:02:59.0690 0x1018 BcmSqlStartupSvc - ok
21:02:59.0706 0x1018 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
21:02:59.0737 0x1018 Beep - ok
21:02:59.0784 0x1018 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
21:02:59.0846 0x1018 BFE - ok
21:02:59.0924 0x1018 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\system32\qmgr.dll
21:02:59.0986 0x1018 BITS - ok
21:03:00.0033 0x1018 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:03:00.0080 0x1018 blbdrive - ok
21:03:00.0127 0x1018 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:03:00.0174 0x1018 bowser - ok
21:03:00.0236 0x1018 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:03:00.0252 0x1018 BrFiltLo - ok
21:03:00.0267 0x1018 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:03:00.0314 0x1018 BrFiltUp - ok
21:03:00.0345 0x1018 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
21:03:00.0376 0x1018 Browser - ok
21:03:00.0408 0x1018 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:03:00.0470 0x1018 Brserid - ok
21:03:00.0517 0x1018 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:03:00.0579 0x1018 BrSerWdm - ok
21:03:00.0595 0x1018 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:03:00.0657 0x1018 BrUsbMdm - ok
21:03:00.0704 0x1018 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:03:00.0766 0x1018 BrUsbSer - ok
21:03:00.0798 0x1018 [ 6D39C954799B63BA866910234CF7D726, 1D807C3410C01C76E5810D626F23C1CCED3C9C5A65F39267B770C494C8D64114 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:03:00.0844 0x1018 BthEnum - ok
21:03:00.0876 0x1018 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:03:00.0954 0x1018 BTHMODEM - ok
21:03:01.0000 0x1018 [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:03:01.0063 0x1018 BthPan - ok
21:03:01.0125 0x1018 [ 611FF3F2F095C8D4A6D4CFD9DCC09793, 2F27A1287ABCDB9C316EB720D1855100666240959CF969D5B2679C9ABCBD6050 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:03:01.0203 0x1018 BTHPORT - ok
21:03:01.0266 0x1018 [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ C:\Windows\System32\bthserv.dll
21:03:01.0297 0x1018 BthServ - ok
21:03:01.0344 0x1018 [ D330803EAB2A15CAEC7F011F1D4CB30E, 240FFF317C90AD8966DA9666F2748F98CEC3CB99C486F399D1C68FE0E393EE68 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:03:01.0375 0x1018 BTHUSB - ok
21:03:01.0453 0x1018 [ 463483285B2D2D345443AAEE7B9391E7, C8ED91313938375B0F8D89AC2023B53A84FF1D37010C2061E4515AAC7746898E ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:03:01.0484 0x1018 btwaudio - ok
21:03:01.0515 0x1018 [ 4F82B6173EF8637CB26CF4E73B90F172, DB9084861261B64D901B14EFF57AB38FBE1130BAF8DC166122E8004400B80FC1 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
21:03:01.0531 0x1018 btwavdt - ok
21:03:01.0624 0x1018 [ BD92E10B38CEE3293D5E2D9761FD38C1, 77B988CC2C89B5CE3309BB3D23FFBEB384B04BE2808183DF31180B5760CBD4E3 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
21:03:01.0656 0x1018 btwdins - ok
21:03:01.0702 0x1018 [ ECB98391C756A7B9CFBAE89D9D1235E1, 0A639D2187BDCD64320A7FB72627ED8AF2AF7CC8AAEF6E0991BDEF28BA080442 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:03:01.0718 0x1018 btwl2cap - ok
21:03:01.0749 0x1018 [ F771034F5B59A4A5054A2FA6F4E9F28B, D1AE8B30AF35196416AFAEFBE34D632CEC44511E5FC8E60285499AFDCAB62765 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:03:01.0780 0x1018 btwrchid - ok
21:03:01.0796 0x1018 catchme - ok
21:03:01.0827 0x1018 [ 5753532C476B83119D85AA43B1B10AB3, 1CF4CA789312B9AB20E00BBFCC20084E6DAA797CE64FAA78B5DEE482D621A289 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
21:03:01.0858 0x1018 CCALib8 - detected UnsignedFile.Multi.Generic ( 1 )
21:03:01.0858 0x1018 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
21:03:01.0905 0x1018 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:03:01.0968 0x1018 cdfs - ok
21:03:02.0014 0x1018 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:03:02.0046 0x1018 cdrom - ok
21:03:02.0077 0x1018 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
21:03:02.0124 0x1018 CertPropSvc - ok
21:03:02.0170 0x1018 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
21:03:02.0217 0x1018 circlass - ok
21:03:02.0342 0x1018 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
21:03:02.0373 0x1018 CLFS - ok
21:03:02.0576 0x1018 [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:03:02.0607 0x1018 clr_optimization_v2.0.50727_32 - ok
21:03:02.0654 0x1018 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:03:02.0670 0x1018 clr_optimization_v4.0.30319_32 - ok
21:03:02.0701 0x1018 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:03:02.0763 0x1018 CmBatt - ok
21:03:02.0779 0x1018 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:03:02.0794 0x1018 cmdide - ok
21:03:02.0857 0x1018 [ 8B7A0CE6613F991359FF95212900396C, 11D95BF40F5AAE9638B21AE2AFA78213DED1934D14FF27293942DE25528B5A46 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:03:02.0872 0x1018 CnxtHdAudService - ok
21:03:02.0888 0x1018 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:03:02.0904 0x1018 Compbatt - ok
21:03:02.0904 0x1018 COMSysApp - ok
21:03:02.0919 0x1018 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:03:02.0935 0x1018 crcdisk - ok
21:03:02.0950 0x1018 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:03:02.0997 0x1018 Crusoe - ok
21:03:03.0060 0x1018 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:03:03.0075 0x1018 CryptSvc - ok
21:03:03.0122 0x1018 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:03:03.0216 0x1018 DcomLaunch - ok
21:03:03.0278 0x1018 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:03:03.0325 0x1018 DfsC - ok
21:03:03.0450 0x1018 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
21:03:03.0637 0x1018 DFSR - ok
21:03:03.0715 0x1018 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:03:03.0777 0x1018 Dhcp - ok
21:03:03.0808 0x1018 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
21:03:03.0840 0x1018 disk - ok
21:03:03.0886 0x1018 [ 5B149CCFE275F4DE0B4B8EC6B9F6821E, CC9706D8DB6511E85F05646F72BF6398F98E13027AA4CEF8113A7D77ED52EB53 ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS
21:03:03.0918 0x1018 DLABMFSM - ok
21:03:03.0933 0x1018 [ AD4CB3D783634C90A9D0CE360933A63C, 65FDDFF3A921444667DB446EDC2ADC307D0ABEE1A4571194205D66484BC56863 ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS
21:03:03.0964 0x1018 DLABOIOM - ok
21:03:03.0980 0x1018 [ 5230CDB7E715F3A3B4A882E254CDD35D, 0D6A88DE30A75FAD5FF535468DF56A33E4695C619BFDD7E142AC4516A7878E52 ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
21:03:03.0996 0x1018 DLACDBHM - ok
21:03:04.0011 0x1018 [ DAE193B1DDC6914F56B767A4F1406351, D013685455232F5B54A625D096F59247F0832C913B8BF939AF5538BC012C7C67 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS
21:03:04.0042 0x1018 DLADResM - ok
21:03:04.0058 0x1018 [ 6A82F77C4A6F5235BF352F0028E2EF52, 02349027F93340546C7F25BCA751C2C30BFB2AE47D1927CB5AF9FCD062BA249A ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS
21:03:04.0074 0x1018 DLAIFS_M - ok
21:03:04.0089 0x1018 [ 0E6052C0ADA37504896A847231A3907D, 6F0C4DA7EE49F07F3E0EC22AD9FF4E8164AEF951DF64E051BBBC74BADACDAB15 ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS
21:03:04.0120 0x1018 DLAOPIOM - ok
21:03:04.0136 0x1018 [ 29670BB4E2B973C5B55A76107D4910B2, 322490F50DFDD721CF0E1FD98DEE07126F9BB556FA4D91D11BBA79511EFE6885 ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS
21:03:04.0152 0x1018 DLAPoolM - ok
21:03:04.0167 0x1018 [ 77FE51F0F8D86804CB81F6EF6BFB86DD, 030F70D5703A95964087C3E9EB1E9BAC1ECE8224FFF3E131A5C1D20215C9BB43 ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
21:03:04.0183 0x1018 DLARTL_M - ok
21:03:04.0214 0x1018 [ 6B087732B86C1D866D69DBBE463EA90A, 6B84EA902175E010220C02D134CCCBC9806FAC93F700ED4A3E0EAB9260050DBF ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS
21:03:04.0245 0x1018 DLAUDFAM - ok
21:03:04.0261 0x1018 [ BBEECB95F2841AE4A3E3690D46D7153D, 38A5984C318F25F101358B5F5B1B102063B5AC48787A5A27D1C70C198779361C ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS
21:03:04.0292 0x1018 DLAUDF_M - ok
21:03:04.0323 0x1018 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:03:04.0339 0x1018 Dnscache - ok
21:03:04.0370 0x1018 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
21:03:04.0432 0x1018 dot3svc - ok
21:03:04.0479 0x1018 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
21:03:04.0542 0x1018 DPS - ok
21:03:04.0604 0x1018 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:03:04.0620 0x1018 drmkaud - ok
21:03:04.0635 0x1018 [ 83106585494D5EB96F59187200C144BD, 9D0B85643AA379E3CDB11C61DE4838164834231A1F4BF62173C8AA4BCF090063 ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
21:03:04.0666 0x1018 DRVMCDB - ok
21:03:04.0682 0x1018 [ FFC371525AA55D1BAE18715EBCB8797C, 4894F67772CEB0143B5DAFE10B42D90727E36A58B02F6221E83CE4CFD26E32B6 ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
21:03:04.0698 0x1018 DRVNDDM - ok
21:03:04.0760 0x1018 [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:03:04.0807 0x1018 DXGKrnl - ok
21:03:04.0854 0x1018 [ 908ED85B7806E8AF3AF5E9B74F7809D4, 9A763D247035578A946094D2C1CE8204E6EDFFD7237C7BF2058B5F4ECC0306E0 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:03:04.0916 0x1018 e1express - ok
21:03:04.0978 0x1018 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:03:05.0025 0x1018 E1G60 - ok
21:03:05.0072 0x1018 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
21:03:05.0119 0x1018 EapHost - ok
21:03:05.0166 0x1018 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
21:03:05.0197 0x1018 Ecache - ok
21:03:05.0259 0x1018 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:03:05.0290 0x1018 ehRecvr - ok
21:03:05.0306 0x1018 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
21:03:05.0337 0x1018 ehSched - ok
21:03:05.0368 0x1018 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
21:03:05.0400 0x1018 ehstart - ok
21:03:05.0462 0x1018 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:03:05.0493 0x1018 elxstor - ok
21:03:05.0556 0x1018 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:03:05.0649 0x1018 EMDMgmt - ok
21:03:05.0712 0x1018 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:03:05.0758 0x1018 ErrDev - ok
21:03:05.0790 0x1018 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
21:03:05.0821 0x1018 EventSystem - ok
21:03:05.0914 0x1018 [ 306AC856622864C761CBDB5E816BB9D8, 491221AD59143DC3FF96C71768E543043048CDFE0A7CC8EA306CFA4B1CC67502 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:03:05.0961 0x1018 EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
21:03:05.0961 0x1018 EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:03:06.0008 0x1018 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
21:03:06.0055 0x1018 exfat - ok
21:03:06.0117 0x1018 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:03:06.0164 0x1018 fastfat - ok
21:03:06.0211 0x1018 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:03:06.0273 0x1018 fdc - ok
21:03:06.0304 0x1018 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
21:03:06.0367 0x1018 fdPHost - ok
21:03:06.0398 0x1018 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
21:03:06.0445 0x1018 FDResPub - ok
21:03:06.0460 0x1018 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:03:06.0476 0x1018 FileInfo - ok
21:03:06.0476 0x1018 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:03:06.0538 0x1018 Filetrace - ok
21:03:06.0570 0x1018 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:03:06.0601 0x1018 flpydisk - ok
21:03:06.0648 0x1018 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:03:06.0679 0x1018 FltMgr - ok
21:03:06.0710 0x1018 [ C4C9A48C3339B6335F8F0DB1F47BB668, 3B75477DD54ECEAA91CADE29F6ED567AE2760E31F7577AFA25931D7DE85AEAAC ] FNF5SVC C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
21:03:06.0726 0x1018 FNF5SVC - ok
21:03:06.0772 0x1018 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
21:03:06.0866 0x1018 FontCache - ok
21:03:06.0960 0x1018 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:03:06.0975 0x1018 FontCache3.0.0.0 - ok
21:03:07.0006 0x1018 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:03:07.0053 0x1018 Fs_Rec - ok
21:03:07.0100 0x1018 [ FF12FA487265DA2AC7DE4BE53F72FF1A, 9B9F29CC36D0C7681676F708270038D38CEA21AD82F4937DBDAE45F0D667786E ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
21:03:07.0131 0x1018 FWLANUSB - ok
21:03:07.0194 0x1018 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:03:07.0225 0x1018 gagp30kx - ok
21:03:07.0287 0x1018 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
21:03:07.0396 0x1018 gpsvc - ok
21:03:07.0459 0x1018 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:03:07.0552 0x1018 HdAudAddService - ok
21:03:07.0615 0x1018 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:03:07.0693 0x1018 HDAudBus - ok
21:03:07.0724 0x1018 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:03:07.0771 0x1018 HidBth - ok
21:03:07.0786 0x1018 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
21:03:07.0849 0x1018 HidIr - ok
21:03:07.0880 0x1018 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
21:03:07.0927 0x1018 hidserv - ok
21:03:07.0958 0x1018 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:03:08.0005 0x1018 HidUsb - ok
21:03:08.0036 0x1018 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
21:03:08.0067 0x1018 hkmsvc - ok
21:03:08.0098 0x1018 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:03:08.0114 0x1018 HpCISSs - ok
21:03:08.0161 0x1018 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:03:08.0192 0x1018 HSFHWAZL - ok
21:03:08.0270 0x1018 [ FADD7095163CB3CB4073793EBB50FE75, 12555D259DA75CA4B4EC8F5F86EAA2A57270BC2016E2DE05AFE95256E8C010E2 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:03:08.0364 0x1018 HSF_DPV - ok
21:03:08.0426 0x1018 [ 058783BEDD17615D1FECE09F77960436, 2DC2C98F40016C50521C0BE4C276C04065376A43F81DCBCE80E8E09F850AF1C8 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:03:08.0457 0x1018 HSXHWAZL - ok
21:03:08.0488 0x1018 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:03:08.0566 0x1018 HTTP - ok
21:03:08.0629 0x1018 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:03:08.0629 0x1018 i2omp - ok
21:03:08.0660 0x1018 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:03:08.0722 0x1018 i8042prt - ok
21:03:08.0769 0x1018 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:03:08.0785 0x1018 iaStorV - ok
21:03:08.0863 0x1018 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:03:08.0894 0x1018 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
21:03:08.0894 0x1018 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:03:08.0988 0x1018 [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:03:09.0050 0x1018 idsvc - ok
21:03:09.0471 0x1018 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:03:09.0939 0x1018 igfx - ok
21:03:10.0002 0x1018 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:03:10.0017 0x1018 iirsp - ok
21:03:10.0064 0x1018 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
21:03:10.0111 0x1018 IKEEXT - ok
21:03:10.0158 0x1018 [ C7E7E43CBD34D3B0A0156B51B917DFCC, 8F40D053D1AF89E0739D798D41F92801F95AB55CA0109386C426AB57784DD540 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:03:10.0204 0x1018 IntcHdmiAddService - ok
21:03:10.0267 0x1018 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
21:03:10.0282 0x1018 intelide - ok
21:03:10.0314 0x1018 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:03:10.0376 0x1018 intelppm - ok
21:03:10.0423 0x1018 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:03:10.0470 0x1018 IPBusEnum - ok
21:03:10.0485 0x1018 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:03:10.0548 0x1018 IpFilterDriver - ok
21:03:10.0594 0x1018 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:03:10.0641 0x1018 iphlpsvc - ok
21:03:10.0657 0x1018 IpInIp - ok
21:03:10.0688 0x1018 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:03:10.0719 0x1018 IPMIDRV - ok
21:03:10.0750 0x1018 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:03:10.0828 0x1018 IPNAT - ok
21:03:10.0860 0x1018 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:03:10.0891 0x1018 IRENUM - ok
21:03:10.0922 0x1018 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:03:10.0938 0x1018 isapnp - ok
21:03:10.0969 0x1018 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:03:10.0984 0x1018 iScsiPrt - ok
21:03:11.0000 0x1018 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:03:11.0016 0x1018 iteatapi - ok
21:03:11.0047 0x1018 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:03:11.0062 0x1018 iteraid - ok
21:03:11.0109 0x1018 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:03:11.0125 0x1018 IviRegMgr - ok
21:03:11.0156 0x1018 [ A69A1B991824B98F744913555F665893, C113FC03DD043F500E68F8E8AC74C17840270BEEEF0E19E5CAF37FA4DD72AD22 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
21:03:11.0187 0x1018 JMCR - ok
21:03:11.0218 0x1018 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:03:11.0234 0x1018 kbdclass - ok
21:03:11.0250 0x1018 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:03:11.0281 0x1018 kbdhid - ok
21:03:11.0328 0x1018 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
21:03:11.0343 0x1018 KeyIso - ok
21:03:11.0374 0x1018 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:03:11.0406 0x1018 KSecDD - ok
21:03:11.0468 0x1018 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:03:11.0562 0x1018 KtmRm - ok
21:03:11.0608 0x1018 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
21:03:11.0640 0x1018 LanmanServer - ok
21:03:11.0671 0x1018 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:03:11.0718 0x1018 LanmanWorkstation - ok
21:03:11.0749 0x1018 [ 3C3F7F424E324C6971632C5DE5FF458F, 932369A793C6FD527F7AD205B230E64228D54E8A1B17D8684EC43C71337BE9B1 ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
21:03:11.0764 0x1018 lenovo.smi - ok
21:03:11.0796 0x1018 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:03:11.0842 0x1018 lltdio - ok
21:03:11.0905 0x1018 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:03:11.0952 0x1018 lltdsvc - ok
21:03:11.0967 0x1018 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:03:12.0014 0x1018 lmhosts - ok
21:03:12.0045 0x1018 [ 31F74D5D47EEA83E5E89447586917774, 5B8C99FDC77E8782A4362907424432A36AAA487756CA3E6CCC7E0F9759662145 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
21:03:12.0061 0x1018 LPCFilter - ok
21:03:12.0076 0x1018 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:03:12.0092 0x1018 LSI_FC - ok
21:03:12.0108 0x1018 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:03:12.0123 0x1018 LSI_SAS - ok
21:03:12.0139 0x1018 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:03:12.0154 0x1018 LSI_SCSI - ok
21:03:12.0186 0x1018 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
21:03:12.0248 0x1018 luafv - ok
21:03:12.0264 0x1018 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:03:12.0310 0x1018 Mcx2Svc - ok
21:03:12.0357 0x1018 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:03:12.0388 0x1018 mdmxsdk - ok
21:03:12.0451 0x1018 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
21:03:12.0466 0x1018 megasas - ok
21:03:12.0513 0x1018 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:03:12.0544 0x1018 MegaSR - ok
21:03:12.0591 0x1018 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
21:03:12.0638 0x1018 MMCSS - ok
21:03:12.0669 0x1018 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
21:03:12.0732 0x1018 Modem - ok
21:03:12.0778 0x1018 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:03:12.0825 0x1018 monitor - ok
21:03:12.0841 0x1018 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:03:12.0856 0x1018 mouclass - ok
21:03:12.0888 0x1018 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:03:12.0919 0x1018 mouhid - ok
21:03:12.0934 0x1018 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:03:12.0950 0x1018 MountMgr - ok
21:03:13.0012 0x1018 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:03:13.0028 0x1018 MozillaMaintenance - ok
21:03:13.0044 0x1018 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:03:13.0059 0x1018 mpio - ok
21:03:13.0090 0x1018 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:03:13.0122 0x1018 mpsdrv - ok
21:03:13.0153 0x1018 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:03:13.0231 0x1018 MpsSvc - ok
21:03:13.0293 0x1018 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:03:13.0293 0x1018 Mraid35x - ok
21:03:13.0356 0x1018 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:03:13.0402 0x1018 MRxDAV - ok
21:03:13.0434 0x1018 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:03:13.0465 0x1018 mrxsmb - ok
21:03:13.0496 0x1018 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:03:13.0558 0x1018 mrxsmb10 - ok
21:03:13.0574 0x1018 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:03:13.0636 0x1018 mrxsmb20 - ok
21:03:13.0668 0x1018 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
21:03:13.0683 0x1018 msahci - ok
21:03:13.0714 0x1018 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:03:13.0730 0x1018 msdsm - ok
21:03:13.0777 0x1018 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
21:03:13.0808 0x1018 MSDTC - ok
21:03:13.0824 0x1018 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:03:13.0870 0x1018 Msfs - ok
21:03:13.0917 0x1018 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:03:13.0933 0x1018 msisadrv - ok
21:03:13.0980 0x1018 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:03:14.0026 0x1018 MSiSCSI - ok
21:03:14.0058 0x1018 msiserver - ok
21:03:14.0104 0x1018 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:03:14.0151 0x1018 MSKSSRV - ok
21:03:14.0167 0x1018 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:03:14.0198 0x1018 MSPCLOCK - ok
21:03:14.0214 0x1018 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:03:14.0276 0x1018 MSPQM - ok
21:03:14.0307 0x1018 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:03:14.0338 0x1018 MsRPC - ok
21:03:14.0370 0x1018 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:03:14.0385 0x1018 mssmbios - ok
21:03:14.0448 0x1018 MSSQL$MSSMLBIZ - ok
21:03:14.0479 0x1018 [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:03:14.0494 0x1018 MSSQLServerADHelper - ok
21:03:14.0526 0x1018 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:03:14.0557 0x1018 MSTEE - ok
21:03:14.0572 0x1018 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
21:03:14.0604 0x1018 Mup - ok
21:03:14.0635 0x1018 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
21:03:14.0697 0x1018 napagent - ok
21:03:14.0760 0x1018 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:03:14.0806 0x1018 NativeWifiP - ok
21:03:14.0869 0x1018 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:03:14.0900 0x1018 NDIS - ok
21:03:14.0931 0x1018 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:03:14.0978 0x1018 NdisTapi - ok
21:03:15.0009 0x1018 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:03:15.0040 0x1018 Ndisuio - ok
21:03:15.0087 0x1018 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:03:15.0134 0x1018 NdisWan - ok
21:03:15.0165 0x1018 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:03:15.0196 0x1018 NDProxy - ok
21:03:15.0228 0x1018 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:03:15.0259 0x1018 NetBIOS - ok
21:03:15.0290 0x1018 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:03:15.0352 0x1018 netbt - ok
21:03:15.0399 0x1018 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
21:03:15.0415 0x1018 Netlogon - ok
21:03:15.0446 0x1018 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
21:03:15.0477 0x1018 Netman - ok
21:03:15.0524 0x1018 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:15.0540 0x1018 NetMsmqActivator - ok
21:03:15.0555 0x1018 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:15.0571 0x1018 NetPipeActivator - ok
21:03:15.0602 0x1018 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
21:03:15.0649 0x1018 netprofm - ok
21:03:15.0664 0x1018 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:15.0680 0x1018 NetTcpActivator - ok
21:03:15.0696 0x1018 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:03:15.0711 0x1018 NetTcpPortSharing - ok
21:03:15.0883 0x1018 [ E559EA9138C77B5D1FDA8C558764A25F, F89DA7D8289B65DCD9ADCAC576C36AD62BE694F85E289A3CE59035688A3ECDF3 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
21:03:16.0132 0x1018 NETw5v32 - ok
21:03:16.0195 0x1018 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:03:16.0195 0x1018 nfrd960 - ok
21:03:16.0226 0x1018 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
21:03:16.0257 0x1018 NlaSvc - ok
21:03:16.0273 0x1018 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:03:16.0320 0x1018 Npfs - ok
21:03:16.0351 0x1018 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
21:03:16.0413 0x1018 nsi - ok
21:03:16.0444 0x1018 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:03:16.0507 0x1018 nsiproxy - ok
21:03:16.0585 0x1018 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:03:16.0678 0x1018 Ntfs - ok
21:03:16.0741 0x1018 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:03:16.0803 0x1018 ntrigdigi - ok
21:03:16.0834 0x1018 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
21:03:16.0866 0x1018 Null - ok
21:03:16.0897 0x1018 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:03:16.0912 0x1018 nvraid - ok
21:03:16.0928 0x1018 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:03:16.0944 0x1018 nvstor - ok
21:03:16.0975 0x1018 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:03:16.0990 0x1018 nv_agp - ok
21:03:17.0006 0x1018 NwlnkFlt - ok
21:03:17.0006 0x1018 NwlnkFwd - ok
21:03:17.0053 0x1018 [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:03:17.0084 0x1018 ohci1394 - ok
21:03:17.0131 0x1018 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:03:17.0146 0x1018 ose - ok
21:03:17.0193 0x1018 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:03:17.0287 0x1018 p2pimsvc - ok
21:03:17.0349 0x1018 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
21:03:17.0396 0x1018 p2psvc - ok
21:03:17.0443 0x1018 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
21:03:17.0490 0x1018 Parport - ok
21:03:17.0505 0x1018 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:03:17.0521 0x1018 partmgr - ok
21:03:17.0552 0x1018 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:03:17.0614 0x1018 Parvdm - ok
21:03:17.0661 0x1018 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
21:03:17.0708 0x1018 PcaSvc - ok
21:03:17.0755 0x1018 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
21:03:17.0770 0x1018 pci - ok
21:03:17.0802 0x1018 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
21:03:17.0817 0x1018 pciide - ok
21:03:17.0864 0x1018 [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:03:17.0880 0x1018 pcmcia - ok
21:03:17.0942 0x1018 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:03:18.0067 0x1018 PEAUTH - ok
21:03:18.0176 0x1018 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
21:03:18.0379 0x1018 pla - ok
21:03:18.0457 0x1018 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:03:18.0504 0x1018 PlugPlay - ok
21:03:18.0550 0x1018 [ 29A26236447E5B5E3FCE5E33168C43E0, 6BEA8990AAFDDF4D022C6C1C71E36536ED49FCA8B90BDCC33F9BE18951C113A2 ] PMSveH C:\Program Files\Lenovo\PM Driver\PMSveH.exe
21:03:18.0582 0x1018 PMSveH - detected UnsignedFile.Multi.Generic ( 1 )
21:03:18.0582 0x1018 PMSveH ( UnsignedFile.Multi.Generic ) - warning
21:03:18.0644 0x1018 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:03:18.0675 0x1018 PNRPAutoReg - ok
21:03:18.0738 0x1018 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:03:18.0784 0x1018 PNRPsvc - ok
21:03:18.0847 0x1018 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:03:18.0909 0x1018 PolicyAgent - ok
21:03:18.0940 0x1018 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:03:19.0003 0x1018 PptpMiniport - ok
21:03:19.0034 0x1018 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
21:03:19.0065 0x1018 Processor - ok
21:03:19.0112 0x1018 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
21:03:19.0143 0x1018 ProfSvc - ok
21:03:19.0159 0x1018 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
21:03:19.0174 0x1018 ProtectedStorage - ok
21:03:19.0206 0x1018 [ F8A25F1DD8B2C332CBC663E3579566E7, 85413753DBEDCDD367DC655B4A8FCEF8A5F7919DA1D5EE6773DC4677A95C829F ] psadd C:\Windows\system32\DRIVERS\psadd.sys
21:03:19.0221 0x1018 psadd - ok
21:03:19.0299 0x1018 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:03:19.0346 0x1018 PSched - ok
21:03:19.0393 0x1018 [ 153D02480A0A2F45785522E814C634B6, 02B7590F2F4A8FA0B031CDA7A28BD55E7C04A080C1EA810BF3AC3212A62153A6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:03:19.0408 0x1018 PxHelp20 - ok
21:03:19.0533 0x1018 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:03:19.0627 0x1018 ql2300 - ok
21:03:19.0674 0x1018 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:03:19.0689 0x1018 ql40xx - ok
21:03:19.0736 0x1018 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
21:03:19.0783 0x1018 QWAVE - ok
21:03:19.0830 0x1018 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:03:19.0876 0x1018 QWAVEdrv - ok
21:03:19.0908 0x1018 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:03:19.0954 0x1018 RasAcd - ok
21:03:20.0001 0x1018 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
21:03:20.0032 0x1018 RasAuto - ok
21:03:20.0064 0x1018 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:03:20.0126 0x1018 Rasl2tp - ok
21:03:20.0204 0x1018 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
21:03:20.0282 0x1018 RasMan - ok
21:03:20.0329 0x1018 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:03:20.0391 0x1018 RasPppoe - ok
21:03:20.0422 0x1018 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:03:20.0438 0x1018 RasSstp - ok
21:03:20.0625 0x1018 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:03:20.0703 0x1018 rdbss - ok
21:03:20.0781 0x1018 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:03:20.0844 0x1018 RDPCDD - ok
21:03:20.0922 0x1018 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:03:20.0968 0x1018 rdpdr - ok
21:03:20.0984 0x1018 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:03:21.0015 0x1018 RDPENCDD - ok
21:03:21.0062 0x1018 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:03:21.0093 0x1018 RDPWD - ok
21:03:21.0171 0x1018 [ B33C88DF3588ACF250B87A004526C31A, 7D9FAE5C36CA9414F7E49C96C7799A3A1464D421AB2F023E7E9CF1371AD13E5B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:03:21.0218 0x1018 RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
21:03:21.0218 0x1018 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
21:03:21.0280 0x1018 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
21:03:21.0312 0x1018 RemoteAccess - ok
21:03:21.0343 0x1018 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:03:21.0374 0x1018 RemoteRegistry - ok
21:03:21.0405 0x1018 [ 6482707F9F4DA0ECBAB43B2E0398A101, 7D57FC36577121D7E26A4F2D46DCA8725D55EC9F75B91DF994DB742BC4FB89C2 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:03:21.0468 0x1018 RFCOMM - ok
21:03:21.0592 0x1018 [ ADA991D7A02130FA78413281A134330B, 0615426A3BF6A6BA3B82955ABF9C9EE02F93B35FFD660A78AA6A3BB07A75F0A3 ] Roxio UPnP Renderer 10 C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
21:03:21.0608 0x1018 Roxio UPnP Renderer 10 - ok
21:03:21.0655 0x1018 [ 11F07111105072F81C03A437423E88EE, 5628D6C1894EB1DF4B43987610FD70C07742A2EE73418CDB6574CC5C2F3B7F6B ] Roxio Upnp Server 10 C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
21:03:21.0686 0x1018 Roxio Upnp Server 10 - ok
21:03:21.0764 0x1018 [ 7C334636B539FBFA65BD3B6DA75B9D30, 434AD1769283224D54D0D20AD84833102DEDBF794810155F9026A81E5D99365B ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
21:03:21.0811 0x1018 RoxLiveShare10 - ok
21:03:21.0873 0x1018 [ EB9EEB379848F356797EB9EF31114CA5, 07C4BE23612D5799685DB4FC920639FF8547788896BC5BCF07F4979EEC96231E ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:03:22.0045 0x1018 RoxMediaDB10 - ok
21:03:22.0092 0x1018 [ 640E33EFB13278BEDD3699DFA88185E5, BD7113BC1EE8119416A9ABF4059EE44863CD867096C9D02DDB6D01BEF77A84C0 ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
21:03:22.0123 0x1018 RoxWatch10 - ok
21:03:22.0138 0x1018 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
21:03:22.0185 0x1018 RpcLocator - ok
21:03:22.0248 0x1018 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
21:03:22.0294 0x1018 RpcSs - ok
21:03:22.0341 0x1018 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:03:22.0388 0x1018 rspndr - ok
21:03:22.0404 0x1018 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
21:03:22.0419 0x1018 SamSs - ok
21:03:22.0435 0x1018 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:03:22.0450 0x1018 sbp2port - ok
21:03:22.0497 0x1018 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:03:22.0528 0x1018 SCardSvr - ok
21:03:22.0575 0x1018 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
21:03:22.0638 0x1018 Schedule - ok
21:03:22.0684 0x1018 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
21:03:22.0716 0x1018 SCPolicySvc - ok
21:03:22.0731 0x1018 [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:03:22.0794 0x1018 sdbus - ok
21:03:22.0840 0x1018 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:03:22.0856 0x1018 SDRSVC - ok
21:03:22.0872 0x1018 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:03:22.0950 0x1018 secdrv - ok
21:03:22.0981 0x1018 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
21:03:23.0028 0x1018 seclogon - ok
21:03:23.0059 0x1018 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll
21:03:23.0121 0x1018 SENS - ok
21:03:23.0168 0x1018 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:03:23.0215 0x1018 Serenum - ok
21:03:23.0230 0x1018 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
21:03:23.0277 0x1018 Serial - ok
21:03:23.0293 0x1018 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:03:23.0324 0x1018 sermouse - ok
21:03:23.0371 0x1018 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
21:03:23.0402 0x1018 SessionEnv - ok
21:03:23.0433 0x1018 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:03:23.0449 0x1018 sffdisk - ok
21:03:23.0464 0x1018 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:03:23.0511 0x1018 sffp_mmc - ok
21:03:23.0542 0x1018 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:03:23.0574 0x1018 sffp_sd - ok
21:03:23.0605 0x1018 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6, 490C29DC9E9FE8D5010E6DB18DE7DA808BCE84F014CFDEE0530735CBED788073 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:03:23.0636 0x1018 sfloppy - ok
21:03:23.0683 0x1018 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:03:23.0745 0x1018 SharedAccess - ok
21:03:23.0792 0x1018 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:03:23.0823 0x1018 ShellHWDetection - ok
21:03:23.0854 0x1018 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:03:23.0870 0x1018 sisagp - ok
21:03:23.0901 0x1018 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:03:23.0917 0x1018 SiSRaid2 - ok
21:03:23.0932 0x1018 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:03:23.0948 0x1018 SiSRaid4 - ok
21:03:24.0120 0x1018 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
21:03:24.0385 0x1018 slsvc - ok
21:03:24.0447 0x1018 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:03:24.0494 0x1018 SLUINotify - ok
21:03:24.0541 0x1018 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:03:24.0603 0x1018 Smb - ok
21:03:24.0666 0x1018 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:03:24.0681 0x1018 SNMPTRAP - ok
21:03:24.0712 0x1018 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
21:03:24.0728 0x1018 spldr - ok
21:03:24.0759 0x1018 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
21:03:24.0775 0x1018 Spooler - ok
21:03:24.0806 0x1018 [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:03:24.0822 0x1018 SQLBrowser - ok
21:03:24.0853 0x1018 [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:03:24.0853 0x1018 SQLWriter - ok
21:03:24.0900 0x1018 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
21:03:24.0946 0x1018 srv - ok
21:03:24.0978 0x1018 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:03:25.0009 0x1018 srv2 - ok
21:03:25.0024 0x1018 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:03:25.0087 0x1018 srvnet - ok
21:03:25.0118 0x1018 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:03:25.0165 0x1018 SSDPSRV - ok
21:03:25.0180 0x1018 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:03:25.0196 0x1018 ssmdrv - ok
21:03:25.0227 0x1018 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:03:25.0243 0x1018 SstpSvc - ok
21:03:25.0290 0x1018 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
21:03:25.0352 0x1018 stisvc - ok
21:03:25.0446 0x1018 [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:03:25.0461 0x1018 stllssvr - ok
21:03:25.0539 0x1018 [ F1262146970C5B73159E3727ACDE8278, B3854E98EB36562DEAB3BF24B88608241864E48C3FF840320DEB769231C31270 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
21:03:25.0570 0x1018 SUService - detected UnsignedFile.Multi.Generic ( 1 )
21:03:25.0570 0x1018 SUService ( UnsignedFile.Multi.Generic ) - warning
21:03:25.0617 0x1018 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:03:25.0633 0x1018 swenum - ok
21:03:25.0664 0x1018 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
21:03:25.0726 0x1018 swprv - ok
21:03:25.0742 0x1018 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:03:25.0758 0x1018 Symc8xx - ok
21:03:25.0773 0x1018 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:03:25.0789 0x1018 Sym_hi - ok
21:03:25.0836 0x1018 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:03:25.0851 0x1018 Sym_u3 - ok
21:03:25.0898 0x1018 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
21:03:25.0976 0x1018 SysMain - ok
21:03:26.0007 0x1018 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:03:26.0038 0x1018 TabletInputService - ok
21:03:26.0070 0x1018 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:03:26.0132 0x1018 TapiSrv - ok
21:03:26.0163 0x1018 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
21:03:26.0194 0x1018 TBS - ok
21:03:26.0241 0x1018 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:03:26.0319 0x1018 Tcpip - ok
21:03:26.0397 0x1018 [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:03:26.0475 0x1018 Tcpip6 - ok
21:03:26.0506 0x1018 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:03:26.0553 0x1018 tcpipreg - ok
21:03:26.0678 0x1018 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:03:26.0725 0x1018 TDPIPE - ok
21:03:26.0756 0x1018 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:03:26.0803 0x1018 TDTCP - ok
21:03:26.0834 0x1018 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:03:26.0865 0x1018 tdx - ok
21:03:26.0881 0x1018 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:03:26.0912 0x1018 TermDD - ok
21:03:26.0943 0x1018 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
21:03:27.0084 0x1018 TermService - ok
21:03:27.0208 0x1018 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
21:03:27.0240 0x1018 Themes - ok
21:03:27.0302 0x1018 [ 9626746A9B120D2ED537DD8D76278405, E566408C85B90BF35581AF9C5FDCAEDDFC52746ACFDEBD209F3DB5188DCE072B ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:03:27.0380 0x1018 ThinkVantage Registry Monitor Service - ok
21:03:27.0427 0x1018 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
21:03:27.0442 0x1018 THREADORDER - ok
21:03:27.0489 0x1018 [ 93CFFC9CB0D4354FDF60C4982DD3D379, F3B96BD31C8124F09BE745B84669C7092546B5920FBAD324A3B5E210D6FFF700 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:03:27.0489 0x1018 TPHKSVC - detected UnsignedFile.Multi.Generic ( 1 )
21:03:27.0505 0x1018 TPHKSVC ( UnsignedFile.Multi.Generic ) - warning
21:03:27.0552 0x1018 [ CB258C2F726F1BE73C507022BE33EBB3, 096A6027D3C0D4D09DC4038505FAEA41E5DD9F62782CED648DC14314F138D666 ] TPM C:\Windows\system32\drivers\tpm.sys
21:03:27.0567 0x1018 TPM - ok
21:03:27.0598 0x1018 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
21:03:27.0645 0x1018 TrkWks - ok
21:03:27.0708 0x1018 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:03:27.0754 0x1018 TrustedInstaller - ok
21:03:27.0801 0x1018 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:03:27.0832 0x1018 tssecsrv - ok
21:03:27.0864 0x1018 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:03:27.0895 0x1018 tunmp - ok
21:03:27.0942 0x1018 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:03:27.0988 0x1018 tunnel - ok
21:03:28.0066 0x1018 [ 1A9F115D6F82FC0753D06599E42B2295, 3DFDB7017676D1B62B0AFA55A991067127CBDC033047BF3080AEF05F4F8E51AE ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
21:03:28.0082 0x1018 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic ( 1 )
21:03:28.0082 0x1018 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0160 0x1018 [ 43FFBB6AF7245C97865ADA74B8CEECF9, 28EE815849FE9D500DD40AEF6558BA35801D9741B26618F6FFC9CADCB9AB2E31 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:03:28.0238 0x1018 TVT Backup Service - detected UnsignedFile.Multi.Generic ( 1 )
21:03:28.0238 0x1018 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0238 0x1018 Force sending object to P2P due to detect: TVT Backup Service
21:03:28.0254 0x1018 Object send P2P result: false
21:03:28.0347 0x1018 [ 58BC366538A8A1F252D2750C1F5193B6, 35705F73EC4A86736C497C5D1EDF91203AADFC2A0B62350360511FE8621F1650 ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:03:28.0441 0x1018 TVT Scheduler - detected UnsignedFile.Multi.Generic ( 1 )
21:03:28.0441 0x1018 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0503 0x1018 [ 49258A02A1E8D304ED88B0F1C56B1738, 4BB23E4C37BB2A0DAF465FE93C0AF6E0D3E6AE85605382E08FFE80403CBC2DAF ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
21:03:28.0534 0x1018 tvtfilter - detected UnsignedFile.Multi.Generic ( 1 )
21:03:28.0534 0x1018 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0534 0x1018 Force sending object to P2P due to detect: tvtfilter
21:03:28.0534 0x1018 Object send P2P result: false
21:03:28.0581 0x1018 [ 7E66DDA1EF146BFC3A6E36E08E036602, 8F053BA611059E514E3C718ADB2E697E64B62FB182E2CD13F3AD379EAA5D3392 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
21:03:28.0597 0x1018 TVTI2C - ok
21:03:28.0628 0x1018 [ 2D1EC233C89416BA8187C9D7D49A075A, FE6B5817CA55840F7B7D60C191C465CF293A820170B82FA09EC3DE60B2162EAF ] tvtumon C:\Windows\system32\DRIVERS\tvtumon.sys
21:03:28.0659 0x1018 tvtumon - ok
21:03:28.0690 0x1018 [ 3152355EA8E8274D4FDA092F454DA7C0, E9F7270EF088EBC0B8F5EC7983D0D0E9B319592EE300403F5418390E4A507004 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
21:03:28.0722 0x1018 TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic ( 1 )
21:03:28.0722 0x1018 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
21:03:28.0784 0x1018 [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:03:28.0784 0x1018 uagp35 - ok
21:03:28.0846 0x1018 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:03:28.0878 0x1018 udfs - ok
21:03:28.0924 0x1018 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:03:28.0987 0x1018 UI0Detect - ok
21:03:29.0002 0x1018 [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:03:29.0018 0x1018 uliagpkx - ok
21:03:29.0049 0x1018 [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:03:29.0080 0x1018 uliahci - ok
21:03:29.0096 0x1018 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:03:29.0112 0x1018 UlSata - ok
21:03:29.0127 0x1018 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:03:29.0143 0x1018 ulsata2 - ok
21:03:29.0174 0x1018 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:03:29.0205 0x1018 umbus - ok
21:03:29.0236 0x1018 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
21:03:29.0268 0x1018 upnphost - ok
21:03:29.0314 0x1018 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:03:29.0330 0x1018 usbccgp - ok
21:03:29.0377 0x1018 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:03:29.0439 0x1018 usbcir - ok
21:03:29.0502 0x1018 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:03:29.0517 0x1018 usbehci - ok
21:03:29.0548 0x1018 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:03:29.0580 0x1018 usbhub - ok
21:03:29.0595 0x1018 [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:03:29.0642 0x1018 usbohci - ok
21:03:29.0689 0x1018 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:03:29.0720 0x1018 usbprint - ok
21:03:29.0782 0x1018 [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:03:29.0798 0x1018 usbscan - ok
21:03:29.0814 0x1018 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:03:29.0860 0x1018 USBSTOR - ok
21:03:29.0892 0x1018 [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:03:29.0907 0x1018 usbuhci - ok
21:03:29.0954 0x1018 [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:03:30.0001 0x1018 usbvideo - ok
21:03:30.0048 0x1018 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
21:03:30.0063 0x1018 UxSms - ok
21:03:30.0110 0x1018 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
21:03:30.0188 0x1018 vds - ok
21:03:30.0235 0x1018 [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:03:30.0297 0x1018 vga - ok
21:03:30.0328 0x1018 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:03:30.0391 0x1018 VgaSave - ok
21:03:30.0422 0x1018 [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:03:30.0438 0x1018 viaagp - ok
21:03:30.0453 0x1018 [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:03:30.0484 0x1018 ViaC7 - ok
21:03:30.0500 0x1018 [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide C:\Windows\system32\drivers\viaide.sys
21:03:30.0516 0x1018 viaide - ok
21:03:30.0594 0x1018 [ B9DFDA5510FFFB6C8B825271E3E3D2E0, 57B47428721DEC0AA68566944B374104BA153CB1DE0B60FCBBB49531FE3F4277 ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys
21:03:30.0656 0x1018 vm331avs - ok
21:03:30.0672 0x1018 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:03:30.0687 0x1018 volmgr - ok
21:03:30.0734 0x1018 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:03:30.0750 0x1018 volmgrx - ok
21:03:30.0781 0x1018 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:03:30.0812 0x1018 volsnap - ok
21:03:30.0843 0x1018 [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:03:30.0859 0x1018 vsmraid - ok
21:03:30.0921 0x1018 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
21:03:31.0046 0x1018 VSS - ok
21:03:31.0077 0x1018 vToolbarUpdater11.0.2 - ok
21:03:31.0124 0x1018 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
21:03:31.0155 0x1018 W32Time - ok
21:03:31.0186 0x1018 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:03:31.0233 0x1018 WacomPen - ok
21:03:31.0249 0x1018 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:03:31.0296 0x1018 Wanarp - ok
21:03:31.0311 0x1018 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:03:31.0327 0x1018 Wanarpv6 - ok
21:03:31.0389 0x1018 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:03:31.0420 0x1018 wcncsvc - ok
21:03:31.0452 0x1018 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:03:31.0483 0x1018 WcsPlugInService - ok
21:03:31.0514 0x1018 [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
21:03:31.0530 0x1018 Wd - ok
21:03:31.0576 0x1018 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:03:31.0654 0x1018 Wdf01000 - ok
21:03:31.0686 0x1018 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:03:31.0748 0x1018 WdiServiceHost - ok
21:03:31.0764 0x1018 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:03:31.0795 0x1018 WdiSystemHost - ok
21:03:31.0842 0x1018 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
21:03:31.0888 0x1018 WebClient - ok
21:03:31.0935 0x1018 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:03:31.0982 0x1018 Wecsvc - ok
21:03:32.0013 0x1018 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:03:32.0076 0x1018 wercplsupport - ok
21:03:32.0122 0x1018 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
21:03:32.0138 0x1018 WerSvc - ok
21:03:32.0185 0x1018 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4, A6020D41FEA0CC76D0C3CA3A88F3E9493022CD5A549E18B02D69A482B579F339 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:03:32.0200 0x1018 WimFltr - ok
21:03:32.0263 0x1018 [ BB9CBAF6AC20452B245C324F1F50EE81, 0458CF8DE26E1F04AE278A1856E2C0285569E1438605793ED791F91E71B1FFD1 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:03:32.0310 0x1018 winachsf - ok
21:03:32.0372 0x1018 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:03:32.0388 0x1018 WinDefend - ok
21:03:32.0403 0x1018 WinHttpAutoProxySvc - ok
21:03:32.0450 0x1018 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:03:32.0481 0x1018 Winmgmt - ok
21:03:32.0559 0x1018 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
21:03:32.0668 0x1018 WinRM - ok
21:03:32.0746 0x1018 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:03:32.0793 0x1018 Wlansvc - ok
21:03:32.0840 0x1018 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:03:32.0887 0x1018 WmiAcpi - ok
21:03:32.0934 0x1018 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:03:32.0980 0x1018 wmiApSrv - ok
21:03:33.0090 0x1018 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:03:33.0199 0x1018 WMPNetworkSvc - ok
21:03:33.0246 0x1018 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:03:33.0292 0x1018 WPCSvc - ok
21:03:33.0324 0x1018 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:03:33.0355 0x1018 WPDBusEnum - ok
21:03:33.0386 0x1018 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:03:33.0417 0x1018 WpdUsb - ok
21:03:33.0573 0x1018 [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:03:33.0620 0x1018 WPFFontCache_v0400 - ok
21:03:33.0651 0x1018 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:03:33.0698 0x1018 ws2ifsl - ok
21:03:33.0760 0x1018 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
21:03:33.0807 0x1018 wscsvc - ok
21:03:33.0807 0x1018 WSearch - ok
21:03:33.0916 0x1018 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
21:03:34.0057 0x1018 wuauserv - ok
21:03:34.0135 0x1018 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:03:34.0166 0x1018 WudfPf - ok
21:03:34.0213 0x1018 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:03:34.0244 0x1018 WUDFRd - ok
21:03:34.0291 0x1018 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:03:34.0338 0x1018 wudfsvc - ok
21:03:34.0369 0x1018 [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:03:34.0400 0x1018 XAudio - ok
21:03:34.0447 0x1018 [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:03:34.0509 0x1018 XAudioService - ok
21:03:34.0525 0x1018 ================ Scan global ===============================
21:03:34.0556 0x1018 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
21:03:34.0587 0x1018 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:03:34.0618 0x1018 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:03:34.0650 0x1018 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
21:03:34.0665 0x1018 [ Global ] - ok
21:03:34.0665 0x1018 ================ Scan MBR ==================================
21:03:34.0681 0x1018 [ 2837EFC7A6F32E461756B99F9CBF5EAD ] \Device\Harddisk0\DR0
21:03:35.0149 0x1018 \Device\Harddisk0\DR0 - ok
21:03:35.0149 0x1018 ================ Scan VBR ==================================
21:03:35.0164 0x1018 [ D662A0E84B50F04CDE7E80E2739D2673 ] \Device\Harddisk0\DR0\Partition1
21:03:35.0211 0x1018 \Device\Harddisk0\DR0\Partition1 - ok
21:03:35.0211 0x1018 [ 4CF70AE20A5912DE90E13EB4C9371EDC ] \Device\Harddisk0\DR0\Partition2
21:03:35.0242 0x1018 \Device\Harddisk0\DR0\Partition2 - ok
21:03:35.0242 0x1018 [ 4E0C5465842355980E32494F5C4E6FDE ] \Device\Harddisk0\DR0\Partition3
21:03:35.0274 0x1018 \Device\Harddisk0\DR0\Partition3 - ok
21:03:35.0274 0x1018 ================ Scan generic autorun ======================
21:03:35.0320 0x1018 [ 6194A2EC98A8ECA80CE19262E639A2C5, 78E1A46AC8DCF7039A96DA8F3E7725E4365C81BEF787E203BEF238A18E8F5F7B ] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
21:03:35.0336 0x1018 PMHandler - ok
21:03:35.0367 0x1018 [ 4FFF728CD684A4480AC1F97B12B35DC8, D926CD22FDE83A9ED341134B42ED9D883D18969364C47C4DEAFBAEA77CE9C69D ] C:\Program Files\Apoint2K\Apoint.exe
21:03:35.0383 0x1018 Apoint - ok
21:03:35.0430 0x1018 [ 8A0BFB1FC46B90A1C582270699F9F710, B41D933C014FA0A2535E9BB4648FBA1AF57DCACA033F4C6D13817BBB5A961B5C ] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
21:03:35.0445 0x1018 TPFNF7 - ok
21:03:35.0461 0x1018 [ B88AEDC37F38E014DFD9C404CA2BBDEB, E50FB3763B95EAE1324E60DB855D9C165A181F67519795E476E09677DB05665C ] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
21:03:35.0476 0x1018 TPWAUDAP - ok
21:03:35.0617 0x1018 [ D3ED6781554B19D622BD42C7C513E7E0, 40E1CE9511A5177163EE81203FE3E3DB20E2AF2C013A0694DF60899833DA31A6 ] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
21:03:35.0788 0x1018 SmartAudio - ok
21:03:35.0851 0x1018 [ 7ED8C3C6EF0D5BBB5F2B93A293D5371B, 69385DF41AED16DF45BF79A1287E79BC0BA10B6ED3CDE070CEA4022DFC22E5F9 ] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
21:03:35.0898 0x1018 TVT Scheduler Proxy - detected UnsignedFile.Multi.Generic ( 1 )
21:03:35.0898 0x1018 TVT Scheduler Proxy ( UnsignedFile.Multi.Generic ) - warning
21:03:35.0929 0x1018 [ 8338E8D8D5B07F10A80D420CEB305015, F96B4C9524A782A55EEE287D59ABC1DC95167BC13EE401AE475971415D049670 ] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
21:03:35.0944 0x1018 LPManager - ok
21:03:36.0022 0x1018 [ 104ABDFD2CCEC96488754A8315AC355D, 153250DF017B4ACFD4BBB6D8B774319662734FC873FAE7A115075431E22BDFCD ] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
21:03:36.0054 0x1018 RoxWatchTray - ok
21:03:36.0147 0x1018 [ 84DE627927756582F4054F99CAEED757, FB7568D598EDE856CF31B0DBEEC1DE39E1C999348EF0407FD007A5FCA0A5351B ] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
21:03:36.0241 0x1018 RoxioDragToDisc - ok
21:03:36.0303 0x1018 [ 88D2CF1840FB4B13A1A1281FCD7F3EED, A89391D78913E60B4058CBAA4B8A365702120F38A5E0A4D4F839082913651D32 ] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
21:03:36.0303 0x1018 CameraApplicationLauncher - detected UnsignedFile.Multi.Generic ( 1 )
21:03:36.0303 0x1018 CameraApplicationLauncher ( UnsignedFile.Multi.Generic ) - warning
21:03:36.0350 0x1018 [ 3D73C8112E8E74CEC63F207A14B3D6D9, BBB8519415116D09759B2C2C05E663B17BA3C2FD13272A94FF796656E99691F9 ] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
21:03:36.0366 0x1018 AMSG - detected UnsignedFile.Multi.Generic ( 1 )
21:03:36.0366 0x1018 AMSG ( UnsignedFile.Multi.Generic ) - warning
21:03:36.0444 0x1018 [ 1C97744415763394DACA9A405A99D83E, 37251FD6DCF7D3D7C238D462844DC6D87892652AADD5179384492D25F4F1BF16 ] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
21:03:36.0490 0x1018 ACTray - ok
21:03:36.0537 0x1018 [ 2D1BFA56C5985A3753F0DACA2667B751, 181D4ACBF3EBDD9D99E9CCCF9E8E386EA06C13412D2DF2DACA6584D116C9BAC9 ] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
21:03:36.0553 0x1018 ACWlIcon - ok
21:03:36.0693 0x1018 [ 851383DAEF93961E9868A1474AFFEEBD, 6262E7FF3D356FA4FC9523D941A0D9B09E7450AA466EA6063A0C264F1B99F1AE ] C:\Program Files\avmwlanstick\wlangui.exe
21:03:36.0802 0x1018 AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
21:03:36.0818 0x1018 AVMWlanClient ( UnsignedFile.Multi.Generic ) - warning
21:03:36.0818 0x1018 Force sending object to P2P due to detect: C:\Program Files\avmwlanstick\wlangui.exe
21:03:36.0865 0x1018 Object send P2P result: false
21:03:36.0912 0x1018 [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
21:03:36.0927 0x1018 IgfxTray - ok
21:03:36.0958 0x1018 [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
21:03:36.0974 0x1018 HotKeysCmds - ok
21:03:37.0005 0x1018 [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
21:03:37.0021 0x1018 Persistence - ok
21:03:37.0114 0x1018 [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
21:03:37.0161 0x1018 avgnt - ok
21:03:37.0208 0x1018 [ 257733A9EE4FFFC2842CE4F294367A9D, AE55D3FBB85D8754515BA1DFBDF86894000F722FA6CD5C4231174600727F2031 ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
21:03:37.0224 0x1018 Avira Systray - ok
21:03:37.0302 0x1018 [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
21:03:37.0458 0x1018 Sidebar - ok
21:03:37.0536 0x1018 [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
21:03:37.0551 0x1018 ehTray.exe - ok
21:03:37.0567 0x1018 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40010 ( disabled : outofdate )
21:03:37.0582 0x1018 Win FW state via NFP2: enabled
21:03:37.0582 0x1018 ============================================================
21:03:37.0582 0x1018 Scan finished
21:03:37.0582 0x1018 ============================================================
21:03:37.0598 0x0a38 Detected object count: 18
21:03:37.0598 0x0a38 Actual detected object count: 18
21:04:15.0334 0x0a38 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0334 0x0a38 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 PMSveH ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0350 0x0a38 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0350 0x0a38 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0366 0x0a38 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0366 0x0a38 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0366 0x0a38 TPHKSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0366 0x0a38 TPHKSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0366 0x0a38 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0366 0x0a38 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0366 0x0a38 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0366 0x0a38 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0366 0x0a38 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0366 0x0a38 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 TVT Scheduler Proxy ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 TVT Scheduler Proxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 CameraApplicationLauncher ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 CameraApplicationLauncher ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 AMSG ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 AMSG ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:15.0381 0x0a38 AVMWlanClient ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:15.0381 0x0a38 AVMWlanClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruß Loki
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
06.09.2014, 20:41
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Das dürfte so i.O. gehen. Der TDSS-Killer ist manchmal etwas hystertisch Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.09.2014, 21:11
| #9 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Die nutzen zu Hause nen AVM Stick & Surf und die Verbindung wollte ich nicht löschen. Denn dann hätte ich vor Ort die Verbindung wieder neu einrichten müssen. Das WLAN Adapter im Lenovo scheint schon seit "Jahren" nicht mehr richtig zu ticken. Habs aber auch nur halbherzig versucht zum laufen zu bekommen, ohne mein WLAN Netz jetz auch umkrempeln zu müssen. Hätte meine Fritzbox einen Anschluss mehr, hätte ich noch ein Kabel über gehabt, aber so hab ich halt die Logs hin und her geschoben.^^
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
06.09.2014, 22:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Adware/Junkware/Toolbars entfernen (alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.09.2014, 22:45
| #11 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet So adw Log: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 06/09/2014 um 23:18:53
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : wilbet - WILBET-MOBIL
# Gestartet von : C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\File Type Assistant
Ordner Gelöscht : C:\Program Files\FinalMediaPlayer
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\wilbet\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\wilbet\AppData\LocalLow\DataMngr
***** [ Tasks ] *****
Task Gelöscht : ProgramRefresh-ATFST
Task Gelöscht : ProgramUpdateCheck
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\Bitberry Software
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\SOFTWARE\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16563
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [31804 octets] - [10/10/2013 17:59:38]
AdwCleaner[R1].txt - [932 octets] - [10/10/2013 18:12:12]
AdwCleaner[R2].txt - [7644 octets] - [25/01/2014 13:35:28]
AdwCleaner[S0].txt - [29963 octets] - [10/10/2013 18:04:20]
AdwCleaner[S1].txt - [4384 octets] - [06/09/2014 23:18:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4444 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by wilbet on 06.09.2014 at 23:23:43,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2305096267-3803267540-2786178057-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F87460D-D3DF-4878-B02C-16F1FBE45B71}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\wilbet\AppData\Roaming\mozilla\firefox\profiles\zy0jvk8q.default-1403376139352\minidumps [16 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.09.2014 at 23:27:05,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by wilbet (administrator) on WILBET-MOBIL on 06-09-2014 23:27:52
Running from C:\Users\wilbet\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Conexant) C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Roxio) C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Lenovo) C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PM Driver\PMHandler.exe [34352 2007-10-12] (Lenovo)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [163840 2008-03-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-30] (Lenovo Group Limited)
HKLM\...\Run: [TPWAUDAP] => C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54560 2008-03-11] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2701880 2008-07-21] (Conexant)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-05-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] => C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [120368 2007-04-26] (Lenovo Group Limited)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [1116920 2007-03-13] (Roxio)
HKLM\...\Run: [CameraApplicationLauncher] => C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2008-10-07] ()
HKLM\...\Run: [AMSG] => C:\Program Files\ThinkVantage\AMSG\Amsg.exe [458752 2009-03-06] (LENOVO)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431392 2008-08-07] (Lenovo)
HKLM\...\Run: [ACWlIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [148768 2008-08-07] (Lenovo)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [1904640 2009-05-07] (AVM Berlin)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2305096267-3803267540-2786178057-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook
SearchScopes: HKCU - {2C0D2B19-14BA-4274-9C99-D14BBBA408E0} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {6A0FC47B-D436-44F2-966D-3527C3119C02} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {77D9BD89-FB4A-4BA1-A9B5-C01CDD5EE929} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {8C5617BE-4D4C-4FB0-9A4E-EAF13C661457} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {BDBB7E66-E88F-4F58-87F9-9CE89A95E7E2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {E1996CFE-053B-40AC-BB8B-641B52EB7572} URL = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {F538D86D-F658-4EFD-90F9-19262D5AE149} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
FireFox:
========
FF ProfilePath: C:\Users\wilbet\AppData\Roaming\Mozilla\Firefox\Profiles\zy0jvk8q.default-1403376139352
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-11]
Chrome:
=======
CHR CustomProfile: C:\Users\wilbet\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-15] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [368640 2009-05-07] (AVM Berlin) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [522792 2008-08-26] (Broadcom Corporation.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54560 2008-03-14] (Lenovo.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel(R) Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) [File not signed]
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [53325 2008-08-08] (Lenovo Group Limited) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-24] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-24] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-24] (Lenovo Group Limited) [File not signed]
S2 vToolbarUpdater11.0.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2009-05-07] (AVM Berlin) [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-08-20] (COMPAL ELECTRONIC INC.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2008-11-15] (Lenovo) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 23:27 - 2014-09-06 23:27 - 00001247 _____ () C:\Users\wilbet\Desktop\JRT.txt
2014-09-06 23:23 - 2014-09-06 23:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 23:14 - 2014-09-06 23:12 - 01370483 _____ () C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
2014-09-06 23:14 - 2014-09-06 23:12 - 01016261 _____ (Thisisu) C:\Users\wilbet\Desktop\JRT.exe
2014-09-06 21:04 - 2014-09-06 21:05 - 00110841 _____ () C:\Users\wilbet\Desktop\TDSS.txt.txt
2014-09-06 21:01 - 2014-09-06 20:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wilbet\Desktop\tdsskiller.exe
2014-09-06 20:33 - 2014-09-06 20:33 - 00012944 _____ () C:\Users\wilbet\Desktop\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:31 - 00012944 _____ () C:\ComboFix.txt
2014-09-06 20:13 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-06 20:13 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-06 20:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-06 20:13 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-06 20:09 - 2014-09-06 20:31 - 00000000 ____D () C:\Qoobox
2014-09-06 20:08 - 2014-09-06 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 20:05 - 2014-09-06 20:02 - 05576440 ____R (Swearware) C:\Users\wilbet\Desktop\ComboFix.exe
2014-09-06 15:48 - 2014-09-06 15:50 - 00000393 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-09-06 12:45 - 2014-09-06 12:45 - 00000000 ____D () C:\Windows\pss
2014-09-05 11:25 - 2014-09-05 11:25 - 00000796 _____ () C:\Windows\setupact.log
2014-09-05 11:25 - 2014-09-05 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 00:22 - 2014-09-05 11:25 - 00002878 _____ () C:\Users\wilbet\Desktop\gmer.log
2014-09-04 23:45 - 2014-09-04 23:57 - 00000000 _____ () C:\Users\wilbet\Desktop\gmer.txt.txt
2014-09-04 11:56 - 2014-09-04 11:56 - 00061752 _____ () C:\Users\wilbet\Desktop\Addition.txt
2014-09-04 11:55 - 2014-09-06 23:27 - 00016567 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:49 - 2014-09-06 23:27 - 00000000 ____D () C:\FRST
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 18:47 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 18:47 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 13:37 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:37 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:37 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 13:37 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 11:53 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 11:53 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 11:52 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 11:47 - 2014-07-24 19:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 11:47 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 11:47 - 2014-07-24 19:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 11:47 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 11:47 - 2014-07-24 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 11:47 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 11:47 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:47 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 11:46 - 2014-07-24 20:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 11:46 - 2014-07-24 19:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 11:46 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 11:46 - 2014-07-24 19:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 11:46 - 2014-07-24 19:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 11:46 - 2014-07-24 19:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 11:46 - 2014-07-24 19:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 11:46 - 2014-07-24 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 11:46 - 2014-07-24 19:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 11:46 - 2014-07-24 19:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 23:28 - 2014-09-04 11:55 - 00016567 _____ () C:\Users\wilbet\Desktop\FRST.txt
2014-09-06 23:27 - 2014-09-06 23:27 - 00001247 _____ () C:\Users\wilbet\Desktop\JRT.txt
2014-09-06 23:27 - 2014-09-04 11:49 - 00000000 ____D () C:\FRST
2014-09-06 23:25 - 2008-11-15 05:22 - 02025258 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 23:23 - 2014-09-06 23:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 23:20 - 2008-01-21 04:47 - 00506286 _____ () C:\Windows\PFRO.log
2014-09-06 23:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 23:20 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 23:20 - 2006-11-02 14:47 - 00004016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 23:19 - 2008-11-15 05:23 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-06 23:19 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-06 23:18 - 2013-10-10 17:59 - 00000000 ____D () C:\AdwCleaner
2014-09-06 23:12 - 2014-09-06 23:14 - 01370483 _____ () C:\Users\wilbet\Desktop\adwcleaner_3.309.exe
2014-09-06 23:12 - 2014-09-06 23:14 - 01016261 _____ (Thisisu) C:\Users\wilbet\Desktop\JRT.exe
2014-09-06 22:53 - 2012-04-10 18:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 21:05 - 2014-09-06 21:04 - 00110841 _____ () C:\Users\wilbet\Desktop\TDSS.txt.txt
2014-09-06 20:59 - 2014-09-06 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wilbet\Desktop\tdsskiller.exe
2014-09-06 20:33 - 2014-09-06 20:33 - 00012944 _____ () C:\Users\wilbet\Desktop\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:31 - 00012944 _____ () C:\ComboFix.txt
2014-09-06 20:31 - 2014-09-06 20:09 - 00000000 ____D () C:\Qoobox
2014-09-06 20:31 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-09-06 20:31 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-09-06 20:29 - 2014-09-06 20:08 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 20:25 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-09-06 20:23 - 2006-11-02 12:22 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 45875200 _____ () C:\Windows\system32\config\COMPON~2.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 22282240 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-06 20:23 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-06 20:02 - 2014-09-06 20:05 - 05576440 ____R (Swearware) C:\Users\wilbet\Desktop\ComboFix.exe
2014-09-06 15:50 - 2014-09-06 15:48 - 00000393 _____ () C:\Users\Public\Documents\BluetoothLog.html
2014-09-06 12:48 - 2008-12-25 12:01 - 00000000 ____D () C:\Program Files\Windows Live Toolbar
2014-09-06 12:45 - 2014-09-06 12:45 - 00000000 ____D () C:\Windows\pss
2014-09-05 11:25 - 2014-09-05 11:25 - 00000796 _____ () C:\Windows\setupact.log
2014-09-05 11:25 - 2014-09-05 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 11:25 - 2014-09-05 00:22 - 00002878 _____ () C:\Users\wilbet\Desktop\gmer.log
2014-09-04 23:57 - 2014-09-04 23:45 - 00000000 _____ () C:\Users\wilbet\Desktop\gmer.txt.txt
2014-09-04 12:02 - 2008-04-16 15:45 - 01714928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 11:56 - 2014-09-04 11:56 - 00061752 _____ () C:\Users\wilbet\Desktop\Addition.txt
2014-09-04 11:55 - 2014-09-04 11:55 - 01096704 _____ (Farbar) C:\Users\wilbet\Desktop\FRST.exe
2014-09-04 11:55 - 2014-09-04 11:55 - 00380416 _____ () C:\Users\wilbet\Desktop\Gmer-19357.exe
2014-09-04 11:45 - 2014-09-04 11:45 - 00000000 ____D () C:\Users\wilbet\Documents\Bluetooth-Exchange-Ordner
2014-08-31 20:30 - 2009-12-27 12:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 20:15 - 2008-12-31 17:19 - 00000000 ____D () C:\Users\wilbet\AppData\Roaming\ZoomBrowser EX
2014-08-31 19:51 - 2014-08-31 19:51 - 00000000 ____D () C:\Users\wilbet\AppData\Local\Adobe
2014-08-29 19:57 - 2006-11-02 14:47 - 00442248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 18:46 - 2008-11-15 05:51 - 00000000 ____D () C:\Program Files\Java
2014-08-23 03:03 - 2014-08-29 18:47 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-29 18:47 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 17:18 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 16:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 15:44 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 13:43 - 2012-04-10 18:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 13:43 - 2011-05-22 11:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 11:58 - 2013-08-02 19:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 11:55 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-15 11:28 - 2014-08-15 11:28 - 00001012 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-15 11:28 - 2013-10-13 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-15 11:28 - 2012-11-04 16:08 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:28 - 2012-03-13 14:55 - 00000000 ____D () C:\ProgramData\Avira
2014-08-15 11:27 - 2014-08-15 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-10 15:55 - 2008-12-31 17:08 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-08-10 15:49 - 2014-08-10 15:49 - 00000000 ____D () C:\Users\wilbet\Bluetooth Software
2014-08-10 15:49 - 2008-12-25 12:01 - 00000000 ____D () C:\Users\wilbet
Some content of TEMP:
====================
C:\Users\wilbet\AppData\Local\Temp\avgnt.exe
C:\Users\wilbet\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-06 23:27
==================== End Of Log ============================
zu guter Letzt die Additions: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by wilbet at 2014-09-06 23:40:56
Running from C:\Users\wilbet\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}) (Version: 9.0.124.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.13.00 - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{9EC9754D-CA34-4293-B5DB-3BD245A88A43}) (Version: 1.5.42.1190 - ArcSoft)
ArcSoft MediaImpression 2 (HKLM\...\{81FC0476-9507-4CD3-95A7-2BE60E256D1D}) (Version: 2.0.27.846 - ArcSoft)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.52.12 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.27 - Lenovo)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.1.0.7 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.2.0.5 - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.4.2.6 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Digital Photo Professional 2.2 (HKLM\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.55.0.0 - Conexant)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version: - )
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
EDEKA Foto (HKLM\...\EDEKA Foto) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Ergänzung zu Lenovo Care (HKLM\...\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}) (Version: 2.00 - )
ERROR:unable to read certificate file (Version: 10.1.177 - Roxio) Hidden
Free YouTube Download version 3.2.2.430 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
GMX Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 1.7.0.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x86 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00.50 - Conexant Systems)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1268 - InterVideo Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.5100 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.5100 - Lenovo.)
Lenovo Care (HKLM\...\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}) (Version: 2.10 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.0701.01 - )
Lenovo Registration (HKLM\...\Lenovo Registration) (Version: - Lenovo - Leader Technologies)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01b - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor 5 für Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
PM Driver (HKLM\...\InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}) (Version: 0.64.0.2 - Lenovo)
PM Driver (Version: 0.64.0.2 - Lenovo) Hidden
Power Ux Customization (Version: 1.00.0000 - Lenovo) Hidden
Präsentationsdirektor (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.0.0022.00 - Lenovo Group Limited)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Registry patch for Windows Vista USB S3 PM Enablement (HKLM\...\USBPMon) (Version: 1.00 - )
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (HKLM\...\FPIRPOn) (Version: 1.01 - )
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (HKLM\...\Dipmon) (Version: 1.01 - )
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.21.0014.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Ski Racing 2006 (HKLM\...\{97DDA53A-8346-467A-880C-655E847CC7D3}) (Version: 1.0.0 - JoWooD)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0024 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{4BD295B9-0190-4C54-B08E-33A6ECA922DF}) (Version: 5.02 - Lenovo)
ThinkVantage Status Gadget (HKLM\...\{AF70B943-5081-4BD8-88F2-75637FD34364}) (Version: 1.1.0026 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.21 - ) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Wallpapers (Version: - ) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2305096267-3803267540-2786178057-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
==================== Restore Points =========================
31-08-2014 23:38:59 Geplanter Prüfpunkt
06-09-2014 10:47:41 Windows Live Toolbar wird entfernt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2014-09-06 20:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {118C03A0-FF22-4216-A12A-0F30148E1645} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - wilbet => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {18D71246-626B-4FB4-9618-F180109F649B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {190A0345-389D-4138-81FE-EBE1256869A4} - System32\Tasks\Message Center plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {1B7ED24A-DE96-4245-BED5-0E8FF57F4626} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {21B10927-3D62-49FF-9610-10E0DCC9E447} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56FE3F50-EAC8-4D78-A649-51D4BE895C8E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6A7181B8-E69F-4E5C-80A0-3AFC6E2E870F} - System32\Tasks\OpenCandyHelperRunOnceFC1794B1622C4497B86974E008DEBFAF => C:\Users\wilbet\AppData\Roaming\OpenCandy\BBF507B2348E405786A11F859E502354\OCBrowserHelper_1.0.6.125.exe
Task: {6B7736C4-DE16-4C9A-A71D-C3AE0AE2670C} - System32\Tasks\OpenCandyHelperRunOnceC91E86EB5F384596AC5F1DB8B6959092 => C:\Users\wilbet\AppData\Roaming\OpenCandy\0E6BC8CBEFBE43EBA03D248497A47DA6\OCBrowserHelper_1.0.6.125.exe
Task: {8CFB5653-AA90-44F1-AC2E-9F6D39629C14} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A7725A42-AF1B-436F-BA51-6218375112D2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B635F47A-6E1D-4783-8957-71C3E4FCFF4A} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {D83C11A3-3889-4B9C-999E-7C1527BC1EBF} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2008-04-30 20:13 - 2008-04-30 20:13 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-05-24 17:17 - 2008-05-24 17:17 - 00520192 ____N () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2008-05-24 17:03 - 2008-05-24 17:03 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2006-05-24 14:33 - 2006-05-24 14:33 - 00024576 ____N () C:\Program Files\Lenovo\PM Driver\PMHlerIO.dll
2008-09-28 19:18 - 2008-09-28 19:18 - 00139264 ____N () c:\Program Files\Common Files\Lenovo\CDRecord.dll
2008-11-15 05:49 - 2007-06-18 17:28 - 00056056 ____N () C:\Windows\system32\DLAAPI_W.DLL
2014-09-06 20:28 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\wilbet\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00028672 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00020480 ____N () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00024576 ____N () C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll
2008-10-07 12:28 - 2008-10-07 12:28 - 00007680 ____N () C:\Program Files\Lenovo\Camera Center\bin\de\LocalizationWrapper.resources.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
==================== Faulty Device Manager Devices =============
Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: isatap.{0E0B4D89-4FE0-43F3-A21B-DE0D4548ECFB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-12 15:10:24.290
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:10:23.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:04:23.691
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 15:04:23.221
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:58:11.775
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:58:11.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:30.780
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:30.302
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:24.509
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-12 14:57:24.064
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 38%
Total physical RAM: 3031.65 MB
Available physical RAM: 1866.13 MB
Total Pagefile: 6275.56 MB
Available Pagefile: 4970.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.02 MB
==================== Drives ================================
Drive c: (SW_Preload) (Fixed) (Total:286.86 GB) (Free:194.99 GB) NTFS
Drive d: () (Removable) (Total:1.93 GB) (Free:1.71 GB) FAT
Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.01 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 34ECC3B1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 824F8352)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)
==================== End Of Log ============================
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
06.09.2014, 22:49
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.09.2014, 10:33
| #13 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Guten Morgen, hier das MBAM Log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.09.2014 Suchlauf-Zeit: 00:11:31 Logdatei: mbbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.06.07 Rootkit Datenbank: v2014.08.21.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: wilbet Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 303580 Verstrichene Zeit: 12 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.OpenCandy.A, C:\Windows\System32\Tasks\OpenCandyHelperRunOnceC91E86EB5F384596AC5F1DB8B6959092, In Quarantäne, [0b646f7b245759ddfa8d8bd2ba4a45bb], PUP.Optional.OpenCandy.A, C:\Windows\System32\Tasks\OpenCandyHelperRunOnceFC1794B1622C4497B86974E008DEBFAF, In Quarantäne, [4b2451997efd72c45d2a6cf144c0966a], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9b8091c85777fc43814b29d6a57ca219
# engine=20034
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-06 11:46:57
# local_time=2014-09-07 01:46:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 556417 275466907 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 5399 247579945 0 0
# scanned=166027
# found=14
# cleaned=0
# scan_time=4569
sh=D987048C3FF42F81F39E3B15E57F32AF7AA0BD00 ft=1 fh=47df87911e710cf9 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Delta\delta\1.8.21.5\deltaEng.dll.vir"
sh=781F353EA130DCB9C496D35204CB5AB96C4DCCBF ft=1 fh=7e2601b6c3711131 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Delta\delta\1.8.21.5\deltasrv.exe.vir"
sh=AE0BF6A9D8E66B04214FEBB5BF4B086E8AA34498 ft=1 fh=502ed3b2eef6754b vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Delta\delta\1.8.21.5\uninstall.exe.vir"
sh=F2804D091BEC900E3984853DD856EA199F4C5AB2 ft=1 fh=b6352ca64d82ae0c vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\ftacfg.exe.vir"
sh=4F6A504DAE2929C4B753AD772D96BBFAC3F8CA53 ft=1 fh=6a48d7e397d98671 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\TSASetup.exe.vir"
sh=FD1BBC58B1E5527626449865725E489DD63146CE ft=1 fh=810032c115ad72d7 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\tsassist.exe.vir"
sh=4F6A504DAE2929C4B753AD772D96BBFAC3F8CA53 ft=1 fh=6a48d7e397d98671 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\temp\~tmp.exe.vir"
sh=3130C978F077C311A5719022D7B6EDEE924655C8 ft=1 fh=97f1f7e37678f550 vn="Win32/ELEX.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wilbet\AppData\Local\Temp\eIntaller\B5F17E4035D04ca2A78027D157839A9D\eGdpSvc.exe.vir"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wilbet\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wilbet\AppData\Roaming\OpenCandy\0E6BC8CBEFBE43EBA03D248497A47DA6\DeltaTB.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wilbet\AppData\Roaming\OpenCandy\A7264A6311E64A4F8D1FFED528BCC307\DeltaTB.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wilbet\AppData\Roaming\OpenCandy\BBF507B2348E405786A11F859E502354\DeltaTB.exe.vir"
sh=0A5D594B277E29C9854223A8AC46DD156C7B0E0E ft=1 fh=55550162f6ca8b1a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\FreeYouTubeDownload.exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\downloads\FreeYouTubeToMP3Converter.exe"
Loki
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
07.09.2014, 11:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Warten? Ach was, irgendwann brauch sogar ich mal etwas Schlaf  Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\downloads\FreeYouTubeDownload.exe
C:\downloads\FreeYouTubeToMP3Converter.exe
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.09.2014, 12:23
| #15 |
| | Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet Bitte sehr: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by wilbet at 2014-09-07 13:12:03 Run:1
Running from C:\Users\wilbet\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\downloads\FreeYouTubeDownload.exe
C:\downloads\FreeYouTubeToMP3Converter.exe
EmptyTemp:
*****************
C:\downloads\FreeYouTubeDownload.exe => Moved successfully.
C:\downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
EmptyTemp: => Removed 435.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
__________________ - Niemand ist 100% sicher! - (User mit gefährlichem Halbwissen) |
|
| Themen zu Vista Home Premium: Email mit vermeintlicher Pay-Pal Mahnung geöffnet |
| 4d36e972-e325-11ce-bfc1-08002be10318, adware, antivirus, bildschirm, canon, converter, dvdvideosoft ltd., email, fehlercode 0x0, flash player, monitor, mozilla, prozess, pup.optional.opencandy.a, registry, required, secure search, siehe titel, software, svchost.exe, system, vtoolbarupdater, win32/elex.s, win32/filetypeassistant.a, win32/toolbar.babylon.c, win32/toolbar.babylon.i, win32/toolbar.conduit, win32/toolbar.montiera.a, win32/toolbar.montiera.b, windows |
Linear-Darstellung
