| |
| |||||||
Log-Analyse und Auswertung: Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloadenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.10.2014, 19:08
| #1 |
 |  Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden hallo, mein neuer win7 Computer hat Probleme beim browsen mit ff. permanent öffnen sich popups die behaupten der Computer würde abstürzen, man müsste einen neuen mediaplayer runterladen und beim wegklicken öffnet sich ein download-fenster. avira hat auch schon einen fund, damit lässt es sich aber offensichtlich nicht beheben. das logfile von avira als erstes und dann nach eurer Anleitung: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 12. Oktober 2014 18:39
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PHILIPP-PC
Versionsinformationen:
BUILD.DAT : 14.0.7.306 92015 Bytes 24.09.2014 12:44:00
AVSCAN.EXE : 14.0.7.266 1014576 Bytes 24.09.2014 10:44:21
AVSCANRC.DLL : 14.0.7.220 65272 Bytes 24.09.2014 10:44:21
LUKE.DLL : 14.0.7.220 59696 Bytes 24.09.2014 10:44:26
AVSCPLR.DLL : 14.0.7.266 94512 Bytes 24.09.2014 10:44:21
REPAIR.DLL : 14.0.7.266 366328 Bytes 24.09.2014 10:44:21
REPAIR.RDF : 1.0.2.4 492601 Bytes 10.10.2014 07:41:46
AVREG.DLL : 14.0.7.220 264952 Bytes 24.09.2014 10:44:21
AVLODE.DLL : 14.0.7.266 563448 Bytes 24.09.2014 10:44:21
AVLODE.RDF : 14.0.4.46 64835 Bytes 24.09.2014 10:44:21
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:30
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31
XBV00156.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00157.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00158.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00159.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00160.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00161.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00162.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00163.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00164.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:25
XBV00165.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00166.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00167.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00168.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00169.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00170.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00171.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00172.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00173.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00174.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00175.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00176.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:26
XBV00177.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00178.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00179.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00180.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00181.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00182.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00183.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00184.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00185.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:27
XBV00186.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00187.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00188.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00189.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00190.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00191.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:28
XBV00192.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00193.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00194.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00195.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00196.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00197.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00198.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00199.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:29
XBV00200.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00201.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00202.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00203.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00204.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00205.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00206.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00207.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00208.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00209.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00210.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00211.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00212.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00213.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00214.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00215.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00216.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00217.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00218.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00219.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00220.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00221.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00222.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00223.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00224.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00225.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00226.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:30
XBV00227.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00228.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00229.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00230.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00231.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00232.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00233.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00234.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00235.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00236.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00237.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00238.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00239.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00240.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00241.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00242.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00243.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:31
XBV00244.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00245.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00246.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00247.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00248.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00249.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00250.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00251.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00252.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00253.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00254.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00255.VDF : 8.11.175.172 2048 Bytes 30.09.2014 07:41:32
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:44:30
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:44:30
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:44:30
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:44:30
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:44:30
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:44:30
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 10:44:30
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:44:30
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 10:44:30
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 10:44:30
XBV00042.VDF : 8.11.175.172 1208832 Bytes 30.09.2014 07:41:17
XBV00043.VDF : 8.11.175.174 36864 Bytes 30.09.2014 07:41:17
XBV00044.VDF : 8.11.175.178 5632 Bytes 30.09.2014 07:41:17
XBV00045.VDF : 8.11.175.180 11264 Bytes 30.09.2014 07:41:17
XBV00046.VDF : 8.11.175.194 9728 Bytes 30.09.2014 07:41:17
XBV00047.VDF : 8.11.175.206 3072 Bytes 30.09.2014 07:41:17
XBV00048.VDF : 8.11.175.218 2560 Bytes 30.09.2014 07:41:18
XBV00049.VDF : 8.11.175.222 24576 Bytes 01.10.2014 07:41:18
XBV00050.VDF : 8.11.175.224 28160 Bytes 01.10.2014 07:41:18
XBV00051.VDF : 8.11.175.230 3072 Bytes 01.10.2014 07:41:18
XBV00052.VDF : 8.11.175.232 17408 Bytes 01.10.2014 07:41:18
XBV00053.VDF : 8.11.175.234 19456 Bytes 01.10.2014 07:41:18
XBV00054.VDF : 8.11.175.236 11264 Bytes 01.10.2014 07:41:18
XBV00055.VDF : 8.11.175.238 12288 Bytes 01.10.2014 07:41:18
XBV00056.VDF : 8.11.175.254 10240 Bytes 01.10.2014 07:41:18
XBV00057.VDF : 8.11.176.8 5120 Bytes 01.10.2014 07:41:18
XBV00058.VDF : 8.11.176.18 5120 Bytes 01.10.2014 07:41:18
XBV00059.VDF : 8.11.176.20 6144 Bytes 02.10.2014 07:41:18
XBV00060.VDF : 8.11.176.26 27136 Bytes 02.10.2014 07:41:18
XBV00061.VDF : 8.11.176.28 16384 Bytes 02.10.2014 07:41:18
XBV00062.VDF : 8.11.176.30 17408 Bytes 02.10.2014 07:41:18
XBV00063.VDF : 8.11.176.40 2048 Bytes 02.10.2014 07:41:18
XBV00064.VDF : 8.11.176.50 11264 Bytes 02.10.2014 07:41:18
XBV00065.VDF : 8.11.176.60 5632 Bytes 02.10.2014 07:41:18
XBV00066.VDF : 8.11.176.70 2048 Bytes 02.10.2014 07:41:18
XBV00067.VDF : 8.11.176.82 11264 Bytes 02.10.2014 07:41:18
XBV00068.VDF : 8.11.176.86 18944 Bytes 02.10.2014 07:41:18
XBV00069.VDF : 8.11.176.88 2048 Bytes 02.10.2014 07:41:19
XBV00070.VDF : 8.11.176.90 9216 Bytes 02.10.2014 07:41:19
XBV00071.VDF : 8.11.176.92 2048 Bytes 03.10.2014 07:41:19
XBV00072.VDF : 8.11.176.96 31744 Bytes 03.10.2014 07:41:19
XBV00073.VDF : 8.11.176.98 18432 Bytes 03.10.2014 07:41:19
XBV00074.VDF : 8.11.176.108 17408 Bytes 03.10.2014 07:41:19
XBV00075.VDF : 8.11.176.116 11264 Bytes 03.10.2014 07:41:19
XBV00076.VDF : 8.11.176.124 16384 Bytes 03.10.2014 07:41:19
XBV00077.VDF : 8.11.176.126 6144 Bytes 03.10.2014 07:41:19
XBV00078.VDF : 8.11.176.128 8192 Bytes 03.10.2014 07:41:19
XBV00079.VDF : 8.11.176.130 5632 Bytes 03.10.2014 07:41:19
XBV00080.VDF : 8.11.176.132 12288 Bytes 03.10.2014 07:41:19
XBV00081.VDF : 8.11.176.134 10752 Bytes 03.10.2014 07:41:19
XBV00082.VDF : 8.11.176.136 14848 Bytes 03.10.2014 07:41:19
XBV00083.VDF : 8.11.176.138 12800 Bytes 03.10.2014 07:41:19
XBV00084.VDF : 8.11.176.140 5632 Bytes 03.10.2014 07:41:19
XBV00085.VDF : 8.11.176.142 8704 Bytes 03.10.2014 07:41:19
XBV00086.VDF : 8.11.176.144 61440 Bytes 04.10.2014 07:41:19
XBV00087.VDF : 8.11.176.146 17920 Bytes 04.10.2014 07:41:19
XBV00088.VDF : 8.11.176.148 11264 Bytes 04.10.2014 07:41:19
XBV00089.VDF : 8.11.176.150 57856 Bytes 05.10.2014 07:41:19
XBV00090.VDF : 8.11.176.158 3072 Bytes 05.10.2014 07:41:19
XBV00091.VDF : 8.11.176.166 7680 Bytes 05.10.2014 07:41:19
XBV00092.VDF : 8.11.176.180 2048 Bytes 05.10.2014 07:41:19
XBV00093.VDF : 8.11.176.188 50176 Bytes 06.10.2014 07:41:19
XBV00094.VDF : 8.11.176.190 2048 Bytes 06.10.2014 07:41:19
XBV00095.VDF : 8.11.176.192 10752 Bytes 06.10.2014 07:41:20
XBV00096.VDF : 8.11.176.194 4608 Bytes 06.10.2014 07:41:20
XBV00097.VDF : 8.11.176.202 4608 Bytes 06.10.2014 07:41:20
XBV00098.VDF : 8.11.176.208 66560 Bytes 06.10.2014 07:41:20
XBV00099.VDF : 8.11.176.214 2048 Bytes 06.10.2014 07:41:20
XBV00100.VDF : 8.11.176.226 2048 Bytes 06.10.2014 07:41:20
XBV00101.VDF : 8.11.176.238 31232 Bytes 06.10.2014 07:41:20
XBV00102.VDF : 8.11.176.244 12288 Bytes 06.10.2014 07:41:20
XBV00103.VDF : 8.11.176.250 18944 Bytes 06.10.2014 07:41:20
XBV00104.VDF : 8.11.176.254 17408 Bytes 06.10.2014 07:41:20
XBV00105.VDF : 8.11.177.0 6656 Bytes 07.10.2014 07:41:20
XBV00106.VDF : 8.11.177.4 15872 Bytes 07.10.2014 07:41:20
XBV00107.VDF : 8.11.177.6 4608 Bytes 07.10.2014 07:41:20
XBV00108.VDF : 8.11.177.12 6144 Bytes 07.10.2014 07:41:20
XBV00109.VDF : 8.11.177.16 3072 Bytes 07.10.2014 07:41:20
XBV00110.VDF : 8.11.177.20 8704 Bytes 07.10.2014 07:41:20
XBV00111.VDF : 8.11.177.24 3072 Bytes 07.10.2014 07:41:20
XBV00112.VDF : 8.11.177.26 4608 Bytes 07.10.2014 07:41:20
XBV00113.VDF : 8.11.177.30 16896 Bytes 07.10.2014 07:41:20
XBV00114.VDF : 8.11.177.32 2048 Bytes 07.10.2014 07:41:20
XBV00115.VDF : 8.11.177.34 9728 Bytes 07.10.2014 07:41:20
XBV00116.VDF : 8.11.177.36 2048 Bytes 07.10.2014 07:41:20
XBV00117.VDF : 8.11.177.40 49152 Bytes 07.10.2014 07:41:20
XBV00118.VDF : 8.11.177.42 6656 Bytes 07.10.2014 07:41:20
XBV00119.VDF : 8.11.177.46 13312 Bytes 08.10.2014 07:41:20
XBV00120.VDF : 8.11.177.48 6656 Bytes 08.10.2014 07:41:20
XBV00121.VDF : 8.11.177.50 4608 Bytes 08.10.2014 07:41:20
XBV00122.VDF : 8.11.177.52 2560 Bytes 08.10.2014 07:41:21
XBV00123.VDF : 8.11.177.70 19968 Bytes 08.10.2014 07:41:21
XBV00124.VDF : 8.11.177.78 6656 Bytes 08.10.2014 07:41:21
XBV00125.VDF : 8.11.177.86 13312 Bytes 08.10.2014 07:41:21
XBV00126.VDF : 8.11.177.88 2048 Bytes 08.10.2014 07:41:21
XBV00127.VDF : 8.11.177.90 15360 Bytes 08.10.2014 07:41:21
XBV00128.VDF : 8.11.177.92 2048 Bytes 08.10.2014 07:41:21
XBV00129.VDF : 8.11.177.94 4096 Bytes 08.10.2014 07:41:21
XBV00130.VDF : 8.11.177.96 13824 Bytes 08.10.2014 07:41:21
XBV00131.VDF : 8.11.177.98 4608 Bytes 09.10.2014 07:41:21
XBV00132.VDF : 8.11.177.100 6144 Bytes 09.10.2014 07:41:21
XBV00133.VDF : 8.11.177.102 12800 Bytes 09.10.2014 07:41:22
XBV00134.VDF : 8.11.177.104 16896 Bytes 09.10.2014 07:41:22
XBV00135.VDF : 8.11.177.106 11264 Bytes 09.10.2014 07:41:22
XBV00136.VDF : 8.11.177.108 15360 Bytes 09.10.2014 07:41:22
XBV00137.VDF : 8.11.177.110 23040 Bytes 09.10.2014 07:41:22
XBV00138.VDF : 8.11.177.112 2048 Bytes 09.10.2014 07:41:22
XBV00139.VDF : 8.11.177.116 20480 Bytes 09.10.2014 07:41:22
XBV00140.VDF : 8.11.177.118 2560 Bytes 09.10.2014 07:41:22
XBV00141.VDF : 8.11.177.122 10240 Bytes 10.10.2014 07:41:22
XBV00142.VDF : 8.11.177.124 2048 Bytes 10.10.2014 07:41:22
XBV00143.VDF : 8.11.177.126 3072 Bytes 10.10.2014 07:41:22
XBV00144.VDF : 8.11.177.134 14336 Bytes 10.10.2014 15:34:29
XBV00145.VDF : 8.11.177.146 14848 Bytes 10.10.2014 15:34:29
XBV00146.VDF : 8.11.177.156 33792 Bytes 10.10.2014 15:34:29
XBV00147.VDF : 8.11.177.158 2048 Bytes 10.10.2014 15:34:29
XBV00148.VDF : 8.11.177.162 26624 Bytes 10.10.2014 15:34:29
XBV00149.VDF : 8.11.177.164 10240 Bytes 10.10.2014 15:34:29
XBV00150.VDF : 8.11.177.168 20480 Bytes 11.10.2014 15:34:29
XBV00151.VDF : 8.11.177.172 15872 Bytes 11.10.2014 15:34:29
XBV00152.VDF : 8.11.177.180 36352 Bytes 12.10.2014 16:25:24
XBV00153.VDF : 8.11.177.186 2048 Bytes 12.10.2014 16:25:24
XBV00154.VDF : 8.11.177.198 11776 Bytes 12.10.2014 16:25:24
XBV00155.VDF : 8.11.177.204 2048 Bytes 12.10.2014 16:25:24
LOCAL000.VDF : 8.11.177.204 112443392 Bytes 12.10.2014 16:25:40
Engineversion : 8.3.24.36
AEVDF.DLL : 8.3.1.6 133992 Bytes 24.09.2014 10:44:20
AESCRIPT.DLL : 8.2.0.28 436136 Bytes 10.10.2014 07:41:17
AESCN.DLL : 8.3.2.2 139456 Bytes 24.09.2014 10:44:20
AESBX.DLL : 8.2.20.24 1409224 Bytes 24.09.2014 10:44:20
AERDL.DLL : 8.2.0.138 704888 Bytes 24.09.2014 10:44:20
AEPACK.DLL : 8.4.0.54 788392 Bytes 10.10.2014 07:41:17
AEOFFICE.DLL : 8.3.0.30 223144 Bytes 10.10.2014 07:41:17
AEHEUR.DLL : 8.1.4.1330 7613296 Bytes 10.10.2014 07:41:17
AEHELP.DLL : 8.3.1.0 278728 Bytes 24.09.2014 10:44:20
AEGEN.DLL : 8.1.7.30 453480 Bytes 10.10.2014 07:41:16
AEEXP.DLL : 8.4.2.32 247712 Bytes 24.09.2014 10:44:20
AEEMU.DLL : 8.1.3.4 399264 Bytes 24.09.2014 10:44:20
AEDROID.DLL : 8.4.2.24 442568 Bytes 24.09.2014 10:44:20
AECORE.DLL : 8.3.2.6 243712 Bytes 24.09.2014 10:44:20
AEBB.DLL : 8.1.2.0 60448 Bytes 24.09.2014 10:44:20
AVWINLL.DLL : 14.0.7.220 25904 Bytes 24.09.2014 10:44:22
AVPREF.DLL : 14.0.7.220 52016 Bytes 24.09.2014 10:44:21
AVREP.DLL : 14.0.7.220 220976 Bytes 24.09.2014 10:44:21
AVARKT.DLL : 14.0.7.220 227632 Bytes 24.09.2014 10:44:20
AVEVTLOG.DLL : 14.0.7.220 185080 Bytes 24.09.2014 10:44:20
SQLITE3.DLL : 14.0.7.220 453936 Bytes 24.09.2014 10:44:28
AVSMTP.DLL : 14.0.7.220 79096 Bytes 24.09.2014 10:44:22
NETNT.DLL : 14.0.7.220 15152 Bytes 24.09.2014 10:44:27
RCIMAGE.DLL : 14.0.7.220 4865328 Bytes 24.09.2014 10:44:27
RCTEXT.DLL : 14.0.7.240 77048 Bytes 24.09.2014 10:44:27
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_543aaa69\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Beginn des Suchlaufs: Sonntag, 12. Oktober 2014 18:39
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkManager.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'DisplayLinkUserAgent.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'ProtectWindowsManager.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '251' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess '582bcf3e-0479-4ecd-a2ab-f7d0076f474e.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'FBService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'vcamsvc.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'NIS.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService9x64.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Nitro_UpdateService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'ValBioService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlk.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'BlockAndSurf.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'upmbot_fr_145.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'GestureControl.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'QuickDisplayAgent.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'NIS.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'valWBFPolicyService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZeroConfigService.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'QuickControlService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SHTCTKY.EXE' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'QuickControl.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skdaemon.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAudioFilterAgent64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSCNotify.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'VM331STI.EXE' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConvertAd.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcplaunch.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_15_0_0_152.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_15_0_0_152.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'LenovoDiscoverySvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'l6BlockAndSurfp84.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRST64.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\ProgramData\msklapag.exe'
C:\ProgramData\msklapag.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.Xpack.100263
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51d43971.qua' verschoben!
Ende des Suchlaufs: Sonntag, 12. Oktober 2014 18:40
Benötigte Zeit: 00:40 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1206 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1205 Dateien ohne Befall
8 Archive wurden durchsucht
0 Warnungen
1 Hinweis
Vielen Dank für eure hilfe! philipp |
|
12.10.2014, 19:13
| #2 |
| /// Malwareteam   | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden Hi
__________________bitte poste die Logfiles in Code Tags, wenn nötig verteilt auf mehrere Posts.
__________________ |
|
12.10.2014, 23:05
| #3 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden okay, hier also:
__________________Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:29 on 12/10/2014 (Philipp)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by Philipp (administrator) on PHILIPP-PC on 12-10-2014 18:32:40
Running from C:\Users\Philipp\Downloads
Loaded Profile: Philipp (Available profiles: Philipp)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Cinema PlusV09.10) C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
() C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
() C:\Users\Philipp\AppData\Local\mbot_fr_145\upmbot_fr_145.exe
(Lenovo) C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\ver1BlockAndSurf\l6BlockAndSurfp84.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [901216 2013-04-29] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-30] (Lenovo Group Limited)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-07-02] (Lenovo)
HKLM-x32\...\Run: [mbot_fr_145] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe [2072576 2014-10-10] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [upmbot_fr_145.exe] => C:\Users\Philipp\AppData\Local\mbot_fr_145\upmbot_fr_145.exe [3306440 2014-10-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [3927778031] => C:\ProgramData\msklapag.exe [155648 2013-08-29] ( ())
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Run: [{353D51F7-8E6C-8FF7-6937-3E00C3E8FE3D}] => C:\Users\Philipp\AppData\Roaming\Avaxv\viwe.exe [393216 2014-10-08] (ORacle Corporation)
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\MountPoints2: {1d1435dc-45ad-11e4-90ad-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
SearchScopes: HKLM - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
SearchScopes: HKLM-x32 - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKCU - DefaultScope {398582D3-F98D-4564-9A62-DB66295FD89E} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT&q={searchTerms}
SearchScopes: HKCU - {398582D3-F98D-4564-9A62-DB66295FD89E} URL =
BHO: Cinema-Plus-1.8cV09.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho64.dll (Cinema PlusV09.10)
BHO: BlockAndSurf -> {F59D25FA-2F64-3A12-5FA1-C1D75902F0ED} -> C:\Program Files (x86)\ver1BlockAndSurf\180_x64.dll ()
BHO-x32: Cinema-Plus-1.8cV09.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho.dll (Cinema PlusV09.10)
BHO-x32: BlockAndSurf -> {F59D25FA-2F64-3A12-5FA1-C1D75902F0ED} -> C:\Program Files (x86)\ver1BlockAndSurf\180.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF user.js: detected! => C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\user.js
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ixquickde-https.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cinema-Plus-1.8cV09.10 - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\6cfae8cc4676442fa78d9dcdf@bd4ea874e76d4af1994ba.com [2014-10-10]
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\abs@avira.com [2014-10-10]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\donottrackplus@abine.com [2014-10-11]
FF Extension: Fast Start - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\faststartff@gmail.com [2014-10-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-10-11]
FF Extension: Cliqz Beta - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\cliqz@cliqz.com.xpi [2014-10-12]
FF Extension: Speed Dial - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-10-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-10-09]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-09]
FF Extension: surf slide - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{df7f363e-7587-4730-8cc5-ba707bc967f9}.xpi [2014-10-09]
FF Extension: Adblock Edge - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{065AE54A-C4EC-DDF1-946A-2A571D1C6A41}] - C:\Program Files (x86)\ver1BlockAndSurf\180.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver1BlockAndSurf\180.xpi [2014-10-10]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\extensions\cliqz@cliqz.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.sweet-page.com/?type=sc&ts=1412880469&from=cor&uid=TOSHIBAXMQ01ACF050_847BCE7ITXX847BCE7IT
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-07-02] (Lenovo)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-09] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-09] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-30] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-22] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-12] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2014-05-06] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-08] (Synaptics Incorporated)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [488960 2014-09-28] (Fuyu LIMITED) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
S2 Update surf slide; "C:\Program Files (x86)\surf slide\updatesurfslide.exe" [X]
S2 Util surf slide; "C:\Program Files (x86)\surf slide\bin\utilsurfslide.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-08] (Symantec Corporation)
S3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-10-08] (Symantec Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [56048 2013-07-02] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141008.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\ENG64.SYS [129752 2014-10-08] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\EX64.SYS [2137304 2014-10-08] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1070080 2013-12-31] (Vimicro Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [56504 2014-10-10] (Corsica)
R1 {df7f363e-7587-4730-8cc5-ba707bc967f9}Gw64; C:\Windows\System32\drivers\{df7f363e-7587-4730-8cc5-ba707bc967f9}Gw64.sys [48784 2014-10-09] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 18:32 - 2014-10-12 18:33 - 00031807 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-10-12 18:32 - 2014-10-12 18:32 - 00000000 ____D () C:\FRST
2014-10-12 18:29 - 2014-10-12 18:30 - 02110464 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-10-12 18:29 - 2014-10-12 18:29 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-10-12 18:29 - 2014-10-12 18:29 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-10-12 18:28 - 2014-10-12 18:28 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-10-11 18:12 - 2014-10-11 17:53 - 00000825 _____ () C:\Users\Philipp\Documents\indexfile.txt
2014-10-11 18:11 - 2014-10-11 18:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-11 18:11 - 2014-10-11 18:11 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00001034 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-10-11 18:05 - 2014-10-11 18:05 - 01125200 _____ () C:\Users\Philipp\Downloads\MozBackup - CHIP-Installer.exe
2014-10-11 17:57 - 2014-10-11 17:57 - 01055936 _____ (Adobe) C:\Users\Philipp\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-10-11 17:40 - 2014-10-12 18:26 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malaon
2014-10-11 17:40 - 2014-10-11 17:40 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avaxv
2014-10-11 17:38 - 2014-10-11 18:20 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-10-11 17:38 - 2014-10-11 17:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apps\2.0
2014-10-10 10:42 - 2014-10-10 10:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-10 10:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-10 10:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-10 10:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-10 10:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-10 10:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-10 10:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-10 10:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-10 10:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-10 10:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-10 10:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-10 10:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-10 10:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-10 10:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-10 10:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-10 10:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-10 10:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-10 10:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-10 10:02 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-10-10 09:46 - 2014-10-10 09:46 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avira
2014-10-10 09:41 - 2014-10-10 09:41 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-10-10 09:40 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-10 09:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-10 09:38 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-10 09:34 - 2014-10-10 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\ProgramData\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 09:34 - 2014-10-10 09:34 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-10 09:33 - 2014-10-10 09:33 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philipp\Downloads\avira_de_av_4464542853__ws.exe
2014-10-10 09:29 - 2014-10-10 09:29 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nsyF9FA.tmp
2014-10-10 09:29 - 2014-10-09 22:58 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{df7f363e-7587-4730-8cc5-ba707bc967f9}Gw64.sys
2014-10-10 09:28 - 2014-10-12 18:24 - 00000428 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-10-10 09:28 - 2014-10-10 09:28 - 00056504 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-10 09:28 - 2014-10-10 09:28 - 00003080 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2014-10-10 09:28 - 2014-10-10 09:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____D () C:\Users\Philipp\AppData\Local\ConvertAd
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____D () C:\Program Files (x86)\ver1BlockAndSurf
2014-10-10 09:27 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-10 09:27 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-10 09:27 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-10 09:27 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-10 09:27 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-10 09:24 - 2014-10-10 09:24 - 00001103 _____ () C:\Users\Philipp\Desktop\Continue Live Installation.lnk
2014-10-09 21:13 - 2014-10-09 21:13 - 00000000 ____D () C:\Program Files (x86)\predm
2014-10-09 21:11 - 2014-10-09 21:11 - 00000000 ____D () C:\Users\Philipp\AppData\Local\MyBestOffersToday
2014-10-09 20:56 - 2014-10-10 10:47 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-10-09 20:56 - 2014-10-10 10:47 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-10-09 20:56 - 2014-10-10 09:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-10-09 20:56 - 2014-10-10 09:31 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-10-09 20:56 - 2014-10-10 09:31 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-10-09 20:56 - 2014-10-10 09:31 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-10-09 20:56 - 2014-10-10 09:30 - 00001052 _____ () C:\Users\Philipp\Desktop\AnyProtect.lnk
2014-10-09 20:56 - 2014-10-09 20:56 - 00002102 _____ () C:\Users\Philipp\AppData\Roaming\aps.scan.results
2014-10-09 20:56 - 2014-10-09 20:56 - 00001164 _____ () C:\Users\Philipp\AppData\Roaming\aps.scan.quick.results
2014-10-09 20:56 - 2014-10-09 20:56 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-10-09 20:56 - 2014-10-09 20:56 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\AnyProtectEx
2014-10-09 20:55 - 2014-10-09 20:55 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2014-10-09 20:54 - 2014-10-09 20:56 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-10-09 20:54 - 2014-10-09 20:54 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nszB6F3.tmp
2014-10-09 20:54 - 2014-10-09 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\ap_movie
2014-10-09 20:48 - 2014-10-10 10:47 - 00000000 ____D () C:\Program Files (x86)\surf slide
2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\sweet-page
2014-10-09 20:48 - 2014-10-09 20:48 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-10-09 20:47 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Users\Philipp\Documents\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:46 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\pdfforge
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-09 20:44 - 2014-09-23 09:43 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-10-09 20:44 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-10-09 20:44 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-10-09 20:39 - 2014-10-12 18:22 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-10-09 20:39 - 2014-10-09 20:39 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-09 20:38 - 2014-10-10 09:25 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\BatteryBar
2014-10-09 20:38 - 2014-10-09 20:38 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Macromedia
2014-10-09 20:36 - 2014-10-12 18:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 20:36 - 2014-10-11 18:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 20:36 - 2014-10-11 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 20:36 - 2014-10-11 18:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-09 20:36 - 2014-10-10 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 20:36 - 2014-10-10 09:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Google
2014-10-09 20:36 - 2014-10-09 20:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-09 20:35 - 2014-10-11 18:03 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe
2014-10-09 20:35 - 2014-10-09 20:35 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-09 20:32 - 2014-10-09 20:32 - 00000000 _____ () C:\Users\Philipp\Downloads\FileOpenerSetup.exe
2014-10-09 20:27 - 2014-10-09 20:28 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 20:27 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 20:24 - 2014-10-09 20:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-09 20:23 - 2014-10-09 20:30 - 912748031 _____ () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014.zip
2014-10-09 20:23 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-10-09 20:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-09 20:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-09 20:21 - 2014-10-09 20:22 - 80521624 _____ (Apple Inc.) C:\Users\Philipp\Downloads\iTunes64Setup.exe
2014-10-09 20:18 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-09 20:18 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-09 20:16 - 2014-10-12 18:20 - 00004500 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-4.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00003474 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-1.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00002452 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5_user.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00002452 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00002116 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-2.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00001466 _____ () C:\Windows\Tasks\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.job
2014-10-09 20:16 - 2014-10-12 18:20 - 00001348 _____ () C:\Windows\Tasks\VKXWEWD.job
2014-10-09 20:16 - 2014-10-09 20:16 - 01511848 _____ (Cinema PlusV09.10) C:\Users\Philipp\AppData\Roaming\VKXWEWD.exe
2014-10-09 20:16 - 2014-10-09 20:16 - 00007530 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-4
2014-10-09 20:16 - 2014-10-09 20:16 - 00006504 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-1
2014-10-09 20:16 - 2014-10-09 20:16 - 00005482 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5
2014-10-09 20:16 - 2014-10-09 20:16 - 00005146 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-2
2014-10-09 20:16 - 2014-10-09 20:16 - 00004496 _____ () C:\Windows\System32\Tasks\582bcf3e-0479-4ecd-a2ab-f7d0076f474e
2014-10-09 20:16 - 2014-10-09 20:16 - 00004382 _____ () C:\Windows\System32\Tasks\VKXWEWD
2014-10-09 20:15 - 2014-10-12 18:20 - 00005190 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-11.job
2014-10-09 20:15 - 2014-10-12 18:20 - 00001344 _____ () C:\Windows\Tasks\BQXUP.job
2014-10-09 20:15 - 2014-10-12 18:20 - 00000974 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-09 20:15 - 2014-10-12 18:20 - 00000656 _____ () C:\Windows\Tasks\ee0a2b99-d86d-44a9-852d-f3558451f7eb.job
2014-10-09 20:15 - 2014-10-09 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\VOPackage
2014-10-09 20:15 - 2014-10-09 20:20 - 00000978 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-09 20:15 - 2014-10-09 20:15 - 01981864 _____ (Cinema PlusV09.10) C:\Users\Philipp\AppData\Roaming\BQXUP.exe
2014-10-09 20:15 - 2014-10-09 20:15 - 00008220 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-11
2014-10-09 20:15 - 2014-10-09 20:15 - 00004378 _____ () C:\Windows\System32\Tasks\BQXUP
2014-10-09 20:15 - 2014-10-09 20:15 - 00003976 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-09 20:15 - 2014-10-09 20:15 - 00003722 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-09 20:15 - 2014-10-09 20:15 - 00003690 _____ () C:\Windows\System32\Tasks\ee0a2b99-d86d-44a9-852d-f3558451f7eb
2014-10-09 20:15 - 2014-10-09 20:15 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-10-09 20:14 - 2014-10-12 18:23 - 00000000 ____D () C:\Users\Philipp\AppData\Local\mbot_fr_145
2014-10-09 20:14 - 2014-10-12 18:20 - 00003476 _____ () C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-3.job
2014-10-09 20:14 - 2014-10-10 10:53 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.8cV09.10
2014-10-09 20:14 - 2014-10-09 21:13 - 00000000 ____D () C:\Program Files (x86)\mbot_fr_145
2014-10-09 20:14 - 2014-10-09 20:15 - 00006506 _____ () C:\Windows\System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-3
2014-10-09 20:14 - 2014-10-09 20:14 - 111992144 _____ (Apple Inc.) C:\Users\Philipp\Desktop\iTunesSetup.exe
2014-10-09 20:14 - 2014-10-09 20:14 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\LookThisUp
2014-10-09 20:14 - 2014-10-09 20:14 - 00000000 ____D () C:\Users\Philipp\AppData\Local\globalUpdate
2014-10-09 20:14 - 2014-10-09 20:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-09 20:13 - 2014-10-09 20:13 - 01125200 _____ () C:\Users\Philipp\Downloads\CHIP Online Notebook Starter Kit 2014 - CHIP-Installer.exe
2014-10-09 20:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-09 20:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-09 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-09 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-09 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-09 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-09 20:11 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-10-09 20:11 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-10-09 20:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-09 20:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-09 20:10 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-09 20:10 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-09 20:10 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-09 20:10 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-09 20:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-09 20:10 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-09 20:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-09 20:09 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-09 20:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-09 20:09 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-09 20:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-09 20:08 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-09 20:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-09 20:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-09 20:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-09 20:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-09 20:03 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-09 20:03 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-09 20:03 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-09 20:03 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-09 20:03 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-09 20:03 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-10-09 20:02 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-09 20:02 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-09 20:01 - 2014-10-09 20:01 - 00551680 _____ (proprius habeo) C:\Users\Philipp\Downloads\iTunes.exe
2014-10-09 19:58 - 2014-10-09 20:48 - 00001358 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-09 20:47 - 00001370 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Mozilla
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3.exe
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3 (1).exe
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-09 19:54 - 2014-10-09 19:55 - 30503712 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_24.0.1558.64_Setup.exe
2014-10-09 19:52 - 2014-10-09 19:52 - 00000000 ____D () C:\Users\Philipp\AppData\Local\IsolatedStorage
2014-10-09 19:51 - 2014-10-09 19:51 - 00000000 ____D () C:\Users\Philipp\AppData\Local\GestureControl
2014-10-09 18:23 - 2014-10-09 18:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\LSC
2014-10-09 09:30 - 2014-10-11 18:20 - 00071612 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-08 18:17 - 2014-10-08 18:17 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\PwrMgr
2014-10-08 18:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-08 17:50 - 2014-10-08 17:50 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-08 17:50 - 2014-10-08 17:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-10-08 17:02 - 2014-10-09 20:27 - 00060056 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-08 17:02 - 2014-10-08 17:50 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Lenovo
2014-10-08 17:01 - 2014-10-09 20:48 - 00001644 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\Documents\Meine empfangenen Dateien
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Leadertech
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Adobe
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\VirtualStore
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Downloaded Installations
2014-10-08 17:00 - 2014-10-12 18:29 - 00000000 ____D () C:\Users\Philipp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000895 _____ () C:\Users\Public\Desktop\Installieren Sie Ihre zusõtzlichen Anwendungen.lnk
2014-10-08 17:00 - 2014-10-08 17:00 - 00000020 ___SH () C:\Users\Philipp\ntuser.ini
2014-10-08 17:00 - 2014-10-08 17:00 - 00000010 _____ () C:\Windows\getvol.scp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Vorlagen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Startmenü
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Netzwerkumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Lokale Einstellungen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Eigene Dateien
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Druckumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Musik
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Bilder
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Verlauf
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Intel
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _____ () C:\Windows\firstboot.dat
2014-10-08 17:00 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-08 17:00 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Macromedia
2014-10-08 17:00 - 2009-08-25 05:18 - 01067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-08 17:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-08 17:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieUserList
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieSiteList
2014-10-08 16:04 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-08 16:04 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-08 16:04 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-08 16:04 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-08 16:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-08 16:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-26 21:22 - 2014-09-26 21:22 - 00003864 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2014-09-26 21:22 - 2014-09-26 21:22 - 00003616 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Windows\util
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2014-09-26 21:21 - 2014-09-26 21:21 - 00002033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_usb3Hub_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Program Files\Intel Corporation
2014-09-26 21:19 - 2014-09-26 21:19 - 00001991 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Users\Public\Symantec
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\SymSilent
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-26 21:19 - 2013-07-19 00:47 - 00002040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PC Experience.lnk
2014-09-26 21:18 - 2014-10-10 09:22 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-26 21:18 - 2014-09-26 21:18 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-26 21:18 - 2014-09-26 21:18 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-26 21:18 - 2014-09-26 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-26 21:17 - 2014-10-08 17:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-26 21:17 - 2014-09-26 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00001943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-26 21:16 - 2014-05-16 03:38 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-09-26 21:16 - 2014-05-16 03:38 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-09-26 21:15 - 2014-09-26 21:15 - 00000143 _____ () C:\Windows\eyesight1.cmd
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gesture Control
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\eyeSight
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\Program Files (x86)\eyeSight
2014-09-26 21:15 - 2013-07-17 09:41 - 00001345 _____ () C:\Windows\eyesight1.lnk
2014-09-26 21:15 - 2010-03-03 18:54 - 00001423 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free Skype voice and video calls.lnk
2014-09-26 21:13 - 2014-10-12 18:20 - 00000000 ____D () C:\ProgramData\Validity
2014-09-26 21:13 - 2014-10-08 18:17 - 629145600 ___SH () C:\Windows\lenovo_fastboot.img
2014-09-26 21:13 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-09-26 21:13 - 2014-09-26 21:15 - 00196608 _____ () C:\Windows\ocsetup_install_OEMHelpCustomization.etl
2014-09-26 21:13 - 2014-09-26 21:14 - 00028728 _____ () C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files\Synaptics Incorporated
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files (x86)\Lenovo Registration
2014-09-26 21:13 - 2013-07-02 08:33 - 00056048 ____N (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Fastboot.sys
2014-09-26 21:13 - 2013-06-26 11:54 - 00002254 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Evernote Installer.lnk
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-26 21:12 - 2014-10-09 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-09-26 21:12 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Reader
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Public\Lenovo
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-26 21:11 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-26 21:11 - 2014-09-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-26 21:11 - 2014-09-26 21:11 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-09-26 21:11 - 2014-09-26 21:11 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-09-26 21:10 - 2014-09-26 21:19 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-09-26 21:10 - 2014-09-26 21:10 - 00015396 _____ () C:\Windows\system32\results.xml
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files\ThinkPad
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files (x86)\ThinkPad
2014-09-26 21:10 - 2014-06-24 00:05 - 02853664 _____ (Lenovo Group Limited) C:\Windows\system32\PWMCP64V.cpl
2014-09-26 21:10 - 2014-06-24 00:05 - 02692896 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2014-09-26 21:10 - 2014-06-24 00:05 - 00020736 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR64V.SYS
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-09-26 21:06 - 2013-05-16 05:18 - 00004656 _____ () C:\Windows\system32\Drivers\SamSfPa.dat
2014-09-26 21:06 - 2012-12-03 19:27 - 00202400 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2014-09-26 21:06 - 2011-09-01 09:23 - 00447104 _____ (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
2014-09-26 21:05 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files\CONEXANT
2014-09-26 21:05 - 2014-09-26 21:05 - 00000000 ____D () C:\ProgramData\Conexant
2014-09-26 21:05 - 2013-05-15 09:27 - 00406208 _____ (Conexant Systems, Inc.) C:\Windows\system32\CSpkExt64.dll
2014-09-26 21:05 - 2013-05-14 09:43 - 01684184 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64.sys
2014-09-26 21:05 - 2013-04-18 10:02 - 01788000 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64AP83.dll
2014-09-26 21:05 - 2013-02-08 23:02 - 02817632 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A35.DLL
2014-09-26 21:05 - 2013-01-25 07:57 - 02730016 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-09-26 21:05 - 2012-08-31 13:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2014-09-26 21:05 - 2012-06-29 07:04 - 00050848 _____ (Conexant Systems Inc.) C:\Windows\system32\CxPageMaster64.dll
2014-09-26 21:05 - 2012-01-16 04:42 - 00666240 _____ (Conexant Systems, Inc.) C:\Windows\system32\C3DHPExt64.dll
2014-09-26 21:05 - 2011-01-18 02:35 - 00030893 _____ () C:\Windows\system32\Drivers\Mixer.ini
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-26 21:03 - 2014-10-10 09:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Vimicro
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\USB Camera
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\vm331Rmv.ini
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\SysWOW64\vm331Rmv.ini
2014-09-26 21:02 - 2013-12-31 04:20 - 01070080 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2014-09-26 21:02 - 2013-12-27 10:12 - 00358912 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2014-09-26 21:02 - 2013-05-08 09:35 - 00408136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2014-09-26 21:02 - 2013-04-25 12:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPerIcon.dll
2014-09-26 21:02 - 2013-01-17 08:33 - 01078272 _____ () C:\Windows\system32\331prx64.ax
2014-09-26 21:02 - 2013-01-17 08:33 - 00667648 _____ () C:\Windows\SysWOW64\vmprp331.ax
2014-09-26 21:02 - 2010-06-30 11:38 - 00000356 _____ () C:\Windows\system\vm331avs.rsf
2014-09-26 21:01 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-26 21:01 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-26 21:01 - 2014-09-26 21:01 - 00001346 _____ () C:\Windows\Synaptics.log
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-09-26 21:01 - 2014-04-07 06:01 - 00745712 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00554224 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-09-26 21:01 - 2014-04-07 06:01 - 00405232 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00254704 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00208112 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-09-26 21:01 - 2014-01-07 07:20 - 00001741 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk
2014-09-26 21:01 - 2013-03-27 09:51 - 00842312 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-26 21:01 - 2013-03-27 09:51 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-09-26 21:01 - 2013-03-27 09:51 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-26 21:00 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\Lenovo USB Graphics
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-09-26 20:59 - 2014-10-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-09-26 20:59 - 2014-09-26 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-26 20:59 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-09-26 20:59 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-09-26 20:58 - 2014-10-08 17:01 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_S3-S440_20AYCTO1WW.MRK
2014-09-26 20:58 - 2014-09-26 20:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-09-26 20:58 - 2014-01-08 00:53 - 25971712 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21658624 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21007360 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 20954112 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19950592 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19202560 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 09081856 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07944704 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07596504 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 06280704 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04472320 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04220416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-09-26 20:58 - 2014-01-08 00:53 - 03556864 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 03207680 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02881536 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa
2014-09-26 20:58 - 2014-01-08 00:53 - 02384896 _____ () C:\Windows\system32\GfxRes.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02065920 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01815040 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01127424 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01123328 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00906200 _____ (Intel Corporation) C:\Windows\system32\igfxstarter.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00845272 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00771544 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00770520 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00755160 _____ (Intel Corporation) C:\Windows\system32\GfxUIHotKeyMenu.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00729088 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00624640 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00548864 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00530904 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00527872 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00522240 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00521728 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00517632 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00516096 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00514048 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00513536 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00493056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00397784 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00396760 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00391128 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00371200 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00347648 _____ () C:\Windows\system32\igdmd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00346624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00290816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00280064 _____ () C:\Windows\SysWOW64\igdmd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00279040 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-09-26 20:58 - 2014-01-08 00:53 - 00279000 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00267407 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00253466 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00243712 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00235401 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00224256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00222208 _____ () C:\Windows\system32\igdde64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00214528 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00201128 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00198725 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00194560 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00192758 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3383.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00182272 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00180936 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00180850 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00179712 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00178473 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178290 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178123 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00176838 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175862 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175571 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175067 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174802 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174269 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173792 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173276 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173059 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172833 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172554 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00171691 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00168215 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166833 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166220 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00163328 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00161534 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00160256 _____ () C:\Windows\system32\igdail64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00155136 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00154805 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00153048 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00152993 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00137728 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00133120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00066560 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00029696 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00025600 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00012288 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00002940 _____ () C:\Windows\system32\iglhxs64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp
2014-09-26 20:58 - 2013-12-30 23:06 - 00450520 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00790000 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00368624 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2014-09-26 20:58 - 2013-10-21 04:25 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-09-26 20:58 - 2013-02-27 09:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-09-26 20:55 - 2014-10-08 17:51 - 00000000 ____D () C:\ProgramData\Intel
2014-09-26 20:55 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Intel
2014-09-26 20:55 - 2014-09-26 20:57 - 00075099 _____ () C:\Windows\winredism.log
2014-09-26 20:55 - 2013-05-21 19:45 - 00008192 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-09-26 20:54 - 2014-09-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-26 20:54 - 2014-09-26 20:58 - 00000000 ____D () C:\Intel
2014-09-26 20:54 - 2014-09-26 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-09-26 20:54 - 2013-05-08 22:23 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-09-26 20:54 - 2013-05-08 22:23 - 00099800 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\MLPS
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\DIFX
2014-09-26 20:52 - 2014-09-26 21:04 - 00032216 _____ () C:\Windows\DPINST.LOG
2014-09-26 20:51 - 2014-09-26 20:51 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-09-26 20:50 - 2014-09-26 20:50 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-09-26 20:48 - 2014-10-11 17:40 - 02094734 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 20:45 - 2014-09-26 20:45 - 00000000 ____D () C:\Windows\CSC
2014-09-26 20:42 - 2014-09-26 20:42 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-26 20:41 - 2014-09-26 20:41 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-26 20:38 - 2014-09-26 20:38 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINASA.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2014-09-26 20:37 - 2014-09-26 20:37 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-09-26 20:37 - 2014-09-26 20:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-09-26 20:37 - 2014-09-26 20:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-09-26 20:37 - 2014-09-26 20:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-09-26 20:36 - 2014-09-26 20:37 - 00404551 _____ () C:\Windows\KB2685813.log
2014-09-26 20:36 - 2014-09-26 20:36 - 00393930 _____ () C:\Windows\KB2685811.log
2014-09-26 20:30 - 2014-09-26 20:30 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-26 20:30 - 2014-09-26 20:30 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-09-26 20:29 - 2014-09-26 20:29 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-26 20:29 - 2014-09-26 20:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
|
|
12.10.2014, 23:06
| #4 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden FRST teil 2: Code:
ATTFilter 2014-09-26 20:27 - 2014-09-26 20:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-09-26 20:24 - 2014-09-26 20:25 - 00341673 _____ () C:\Windows\NL-NL_IE11.log
2014-09-26 20:22 - 2014-09-26 20:23 - 00341951 _____ () C:\Windows\IT-IT_IE11.log
2014-09-26 20:21 - 2014-09-26 20:22 - 00341456 _____ () C:\Windows\fr-FR_IE11.log
2014-09-26 20:20 - 2014-09-26 20:21 - 00341693 _____ () C:\Windows\DE-DE_IE11.log
2014-09-26 20:19 - 2014-09-26 20:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-26 20:18 - 2014-09-26 20:20 - 02003137 _____ () C:\Windows\EN_IE11.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00411553 _____ () C:\Windows\KB2888049.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-09-26 20:18 - 2014-09-26 20:18 - 00248921 _____ () C:\Windows\KB2882822.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-09-26 20:17 - 2014-09-26 20:18 - 00078862 _____ () C:\Windows\KB2834140-V2.log
2014-09-26 20:17 - 2014-09-26 20:17 - 00059787 _____ () C:\Windows\KB2786081.log
2014-09-26 20:16 - 2014-09-26 20:17 - 02229591 _____ () C:\Windows\KB2731771.log
2014-09-26 20:16 - 2014-09-26 20:16 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00122102 _____ () C:\Windows\KB2729094-V2.log
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:15 - 2014-09-26 20:16 - 02342669 _____ () C:\Windows\KB2670838.log
2014-09-26 20:15 - 2014-09-26 20:15 - 01073616 _____ () C:\Windows\KB2533623.log
2014-09-26 20:14 - 2014-10-12 18:27 - 00735300 _____ () C:\Windows\system32\perfh013.dat
2014-09-26 20:14 - 2014-10-12 18:27 - 00152968 _____ () C:\Windows\system32\perfc013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00341322 _____ () C:\Windows\system32\perfi013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00043068 _____ () C:\Windows\system32\perfd013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\0413
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\0413
2014-09-26 20:09 - 2014-10-12 18:27 - 00731848 _____ () C:\Windows\system32\perfh010.dat
2014-09-26 20:09 - 2014-10-12 18:27 - 00146712 _____ () C:\Windows\system32\perfc010.dat
2014-09-26 20:09 - 2014-09-26 20:15 - 37148880 _____ () C:\Windows\nl-NL.log
2014-09-26 20:09 - 2014-09-26 20:08 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-09-26 20:09 - 2014-09-26 20:08 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\0410
2014-09-26 20:03 - 2014-10-12 18:27 - 00737518 _____ () C:\Windows\system32\perfh00C.dat
2014-09-26 20:03 - 2014-10-12 18:27 - 00149446 _____ () C:\Windows\system32\perfc00C.dat
2014-09-26 20:03 - 2014-09-26 20:09 - 37132632 _____ () C:\Windows\it-it.log
2014-09-26 20:03 - 2014-09-26 20:03 - 00344522 _____ () C:\Windows\system32\perfi00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00038160 _____ () C:\Windows\system32\perfd00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\040C
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\040C
2014-09-26 19:58 - 2014-10-12 18:27 - 00699340 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 19:58 - 2014-10-12 18:27 - 00149448 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 19:58 - 2014-09-26 20:03 - 37132092 _____ () C:\Windows\fr-fr.log
2014-09-26 19:58 - 2014-09-26 19:57 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-09-26 19:58 - 2014-09-26 19:57 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-09-26 19:57 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\0407
2014-09-26 19:52 - 2014-09-26 19:58 - 37121864 _____ () C:\Windows\de-de.log
2014-09-26 19:51 - 2013-11-07 12:46 - 00066856 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00060712 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00054528 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-09-26 19:51 - 2013-11-07 12:46 - 00040232 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-09-26 19:51 - 2013-04-30 02:03 - 00679920 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2014-09-26 19:51 - 2013-04-30 02:03 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2014-09-26 19:51 - 2011-03-25 02:58 - 00001271 _____ () C:\Windows\MFGCLEAN.CMD
2014-09-26 19:51 - 2007-09-19 12:41 - 00004096 _____ () C:\Windows\system32\Thumbs.db
2014-09-26 03:40 - 2014-09-26 03:40 - 00000000 ____D () C:\mfg
2014-09-26 03:17 - 2014-10-08 16:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-26 03:15 - 2012-12-10 02:46 - 00000012 _____ () C:\Windows\CSUP.TXT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 18:32 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:32 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:30 - 2009-07-14 06:51 - 00046749 _____ () C:\Windows\setupact.log
2014-10-12 18:27 - 2009-07-14 07:13 - 04271558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 18:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 10:47 - 2010-11-21 05:47 - 00142216 _____ () C:\Windows\PFRO.log
2014-10-10 10:47 - 2009-07-14 06:45 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:43 - 2014-02-03 16:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-10 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-10 10:34 - 2014-01-30 23:46 - 04183916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-10 09:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-09 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-08 17:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-08 17:03 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\Windows\Panther
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\SWTOOLS
2014-10-08 16:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 21:22 - 2009-07-14 06:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2014-09-26 21:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-26 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-26 21:13 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioDatabase
2014-09-26 21:10 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-09-26 21:09 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 21:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-26 21:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-09-26 20:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-09-26 20:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-26 20:50 - 2014-01-30 21:50 - 00003652 _____ () C:\Windows\TSSysprep.log
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-09-26 20:14 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-26 19:51 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-26 03:15 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
Files to move or delete:
====================
C:\ProgramData\msklapag.exe
Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Philipp\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Philipp\AppData\Local\Temp\qCCu1.exe
C:\Users\Philipp\AppData\Local\Temp\zaaU1.dll
C:\Users\Philipp\AppData\Local\Temp\zaaU1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-01-30 21:48
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014
Ran by Philipp at 2014-10-12 18:34:25
Running from C:\Users\Philipp\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.1 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
BlockAndSurf (HKLM-x32\...\0B81ECB6-31F6-4314-2155-D69C67D339E7) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.33 - Abelssoft)
Cinema-Plus-1.8cV09.10 (HKLM-x32\...\Cinema-Plus-1.8cV09.10) (Version: 1.35.9.29 - Cinema PlusV09.10)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.58.0 - Conexant)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.10 - Dropbox, Inc.)
Gesture Control (HKLM-x32\...\{FF07C482-C9F5-47AE-80B2-05066F31A5ED}) (Version: 6.1.160.13 - Lenovo)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.14.225.3 - Vimicro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 17.00.2000.1517 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0462 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.2.32 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.0.0332 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.11 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.12.0 - Lenovo)
Lenovo Fingerprint Manager (HKLM\...\{9BD443AA-F7D9-4688-8A8B-C33006C4CC59}) (Version: 4.5.258.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.258.0 - )
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.20 - Lenovo Group Limited)
Lenovo QuickDisplay (HKLM\...\{ADEEC90C-A033-4596-ACA1-97327055F9CB}) (Version: 1.2.7.0 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.2 - Lenovo Group Limited)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.1.1.1 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21229 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.71.327.2013 - Realtek)
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
surf slide (HKLM\...\surf slide) (Version: 2014.10.09.153635 - surf slide)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.4.911.2013 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.1.9 - Lenovo)
Windows Driver Package - Intel Corporation (iaStorA) HDC (04/29/2013 12.5.4.1001) (HKLM\...\64C5B2577D321E8D30DF813803EF008F338A0B1E) (Version: 04/29/2013 12.5.4.1001 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo)
WindowsMangerProtect20.0.0.1013 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1013 - WindowsProtect LIMITED) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1145738533-22672879-546596692-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1145738533-22672879-546596692-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1145738533-22672879-546596692-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1145738533-22672879-546596692-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1145738533-22672879-546596692-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
08-10-2014 15:03:44 Windows Update
08-10-2014 16:07:50 Windows Update
09-10-2014 18:25:02 Installed iTunes
09-10-2014 18:44:46 Installed PDF Architect 2 View Module
10-10-2014 07:26:23 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01FEDC91-3F49-4731-A1E1-AF747A080774} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-09] (globalUpdate) <==== ATTENTION
Task: {072B39CE-0E22-4CEA-8418-4947827D9ED9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {1405C9FA-128F-4D9A-AC59-6B16A687E3AD} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-10] (AnyProtect.com) <==== ATTENTION
Task: {17ECCBED-FAB5-4C6F-9D5A-5C6B56CB2F40} - System32\Tasks\Lenovo\Gesture Control => C:\Program Files (x86)\eyeSight\Gesture Control\GestureControl.exe [2014-07-02] (Lenovo)
Task: {1DE5BC17-02B6-4556-B013-9BA66053C0A5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {22AB6C85-EE27-48E6-9752-4EF3E9E08816} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {234C2571-9540-4303-80DB-CFA783388C6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {33CCCD75-EFEC-4B0B-AFC1-329D2AEDBF0B} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {3E950C25-BC22-4C7B-BF15-50D50F1C3E12} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5_user => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {3F5EC324-F096-4C22-B727-6576A7CA0B04} - System32\Tasks\582bcf3e-0479-4ecd-a2ab-f7d0076f474e => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {423F6CD2-9937-4734-9B37-5544562328F7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-10] (AnyProtect.com) <==== ATTENTION
Task: {4F8EDD63-E3B1-4497-B243-DA6A9DF2B11D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-24] (Lenovo Group Limited)
Task: {5C625FEB-376C-4DB0-BF44-91E7FE5727BA} - System32\Tasks\VKXWEWD => C:\Users\Philipp\AppData\Roaming\VKXWEWD.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {625B664E-F190-4A97-8708-C7DAA98AB39C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {672A7D60-18F5-4B7F-9807-7059B682A304} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-2 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-2.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {6F07E78B-BEC0-4573-983E-DD065781120B} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-4 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-4.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {7376CF24-2CA4-4A87-8F9B-BC6A9FB7C92F} - System32\Tasks\ee0a2b99-d86d-44a9-852d-f3558451f7eb => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\ee0a2b99-d86d-44a9-852d-f3558451f7eb.exe <==== ATTENTION
Task: {737B442F-EC5B-4162-A21B-0847F8C1E7A8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {7742684D-D096-41D3-A74E-1A13333AF7D4} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {9BEFEFB7-5EB9-4764-9432-F6218DC1D963} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {A0F710BC-1E07-42E2-BA3C-BA333BA356D0} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-09] (globalUpdate) <==== ATTENTION
Task: {A57DB81E-428F-40A3-92F3-CBAC292D7BC8} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-10-10] (AnyProtect.com) <==== ATTENTION
Task: {A7AC898A-080D-4F28-98D8-310A3E69169F} - System32\Tasks\TVT\Lenovo QuickDisplay Agent => C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe [2014-04-10] (Lenovo Corporation)
Task: {AC353643-4660-4AA5-A99F-6139212F5D57} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {AC9238EF-C85C-4AA7-8A65-63DD6353E7DD} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor_shim.exe [2014-09-01] ()
Task: {AF9DB56B-7AF1-4327-8C31-04F4D25AE41A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-04-27] (Lenovo)
Task: {B7F2C485-6B2A-43EE-B315-C80045A25694} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-1 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-codedownloader.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {C7102366-CFB3-420B-8E99-331D140C9B56} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-16] (Lenovo)
Task: {CDAD02B8-1A13-4206-9350-5D03A5371046} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver1BlockAndSurf\l6BlockAndSurfp84.exe [2014-10-10] () <==== ATTENTION
Task: {D13D5664-4F8A-413F-8A82-2EB578EE4BFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-11] (Adobe Systems Incorporated)
Task: {D54A631D-1E77-4AB2-AA2A-962532F936FD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {D7791A94-2CEF-4C8D-8F9E-5839A555862F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {DAD9E64A-08F5-4EB7-AE6A-4EA2057FF503} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-19] (CHIP)
Task: {DDB7057D-187F-4377-8D58-865719C556F7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {EFCC3783-9DB8-4714-8B71-E86C5FC9726D} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-3 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-3.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {F2769DA8-071A-421E-A094-12BCA949C34B} - System32\Tasks\BQXUP => C:\Users\Philipp\AppData\Roaming\BQXUP.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: {F5CADA76-D8FE-4F6C-9D1E-02F17D57FAAD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {FF375C34-9195-4263-99D6-486E5383754A} - System32\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-11 => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-11.exe [2014-10-09] (Cinema PlusV09.10) <==== ATTENTION
Task: C:\Windows\Tasks\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-1.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-11.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-2.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-3.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-4.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\becff530-de66-46db-aa96-7cd7d7d8c0ab-5_user.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver1BlockAndSurf\l6BlockAndSurfp84.exe <==== ATTENTION
Task: C:\Windows\Tasks\BQXUP.job => C:\Users\Philipp\AppData\Roaming\BQXUP.exe <==== ATTENTION
Task: C:\Windows\Tasks\ee0a2b99-d86d-44a9-852d-f3558451f7eb.job => C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\ee0a2b99-d86d-44a9-852d-f3558451f7eb.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\VKXWEWD.job => C:\Users\Philipp\AppData\Roaming\VKXWEWD.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-09-26 21:10 - 2014-06-24 00:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-05-16 03:39 - 2014-05-16 03:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2014-10-10 09:28 - 2014-10-10 09:28 - 00121856 _____ () C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
2014-10-09 20:14 - 2014-10-07 11:57 - 03306440 _____ () C:\Users\Philipp\AppData\Local\mbot_fr_145\upmbot_fr_145.exe
2014-09-26 21:06 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-10-10 02:14 - 2014-10-10 02:14 - 02072576 _____ () C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe
2014-10-10 09:28 - 2014-10-10 09:28 - 00555520 _____ () C:\Program Files (x86)\ver1BlockAndSurf\l6BlockAndSurfp84.exe
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 21:13 - 2013-07-02 08:33 - 00033520 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2014-09-26 21:12 - 2011-08-03 05:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-09-26 21:12 - 2011-08-03 05:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-07-02 23:14 - 2014-07-02 23:14 - 03570600 _____ () C:\Program Files (x86)\eyeSight\Gesture Control\EyeKeysEngine.dll
2014-07-02 23:14 - 2014-07-02 23:14 - 00030120 _____ () C:\Program Files (x86)\eyeSight\Gesture Control\esmlib.dll
2014-10-09 19:58 - 2014-09-24 07:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-09 20:36 - 2014-10-11 18:03 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-09-26 20:54 - 2013-05-08 22:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-06-26 07:24 - 2014-06-26 07:24 - 00612664 _____ () C:\Program Files (x86)\ver1BlockAndSurf\sqlite3.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1145738533-22672879-546596692-500 - Administrator - Disabled)
Gast (S-1-5-21-1145738533-22672879-546596692-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1145738533-22672879-546596692-1002 - Limited - Enabled)
Philipp (S-1-5-21-1145738533-22672879-546596692-1001 - Administrator - Enabled) => C:\Users\Philipp
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/12/2014 06:21:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/11/2014 05:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 10:51:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 17.0.0.0, Zeitstempel: 0x52d9e32d
Name des fehlerhaften Moduls: MurocApi.dll, Version: 17.0.0.0, Zeitstempel: 0x52d9e279
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bd48
ID des fehlerhaften Prozesses: 0xddc
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Error: (10/10/2014 10:51:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 10:48:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 09:47:55 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (10/10/2014 09:47:54 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{1d1435db-45ad-11e4-90ad-806e6f6e6963} - 0000000000000100,0x0053c010,00000000003290D0,0,000000000032A0E0,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (10/10/2014 09:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xda4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (10/10/2014 09:22:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/09/2014 09:15:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
System errors:
=============
Error: (10/12/2014 06:22:04 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (10/12/2014 06:21:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (10/12/2014 06:20:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/12/2014 06:20:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/11/2014 06:21:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (10/11/2014 05:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/11/2014 05:29:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/10/2014 10:51:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/10/2014 10:50:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/10/2014 10:50:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update surf slide" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (10/12/2014 06:21:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/11/2014 05:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 10:51:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe17.0.0.052d9e32dMurocApi.dll17.0.0.052d9e279c0000005000000000002bd48ddc01cfe46752502995C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlla1b0f07f-505a-11e4-807c-f81654dfef02
Error: (10/10/2014 10:51:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 10:48:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/10/2014 09:47:55 AM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (10/10/2014 09:47:54 AM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{1d1435db-45ad-11e4-90ad-806e6f6e6963} - 0000000000000100,0x0053c010,00000000003290D0,0,000000000032A0E0,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (10/10/2014 09:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141bda401cfe45d8b49a6d9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldac51452-5050-11e4-b976-f81654dfef02
Error: (10/10/2014 09:22:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/09/2014 09:15:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070005, Zugriff verweigert
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 84%
Total physical RAM: 4012.08 MB
Available physical RAM: 603.96 MB
Total Pagefile: 8022.34 MB
Available Pagefile: 3722.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:443.26 GB) (Free:396.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:21.03 GB) (Free:9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A7179EBD)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
12.10.2014, 23:07
| #5 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-12 18:54:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 ATA_____ rev.2E__ 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\agddyfoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb3000 45 bytes [00, 00, 16, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fb302f 17 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779efc50 5 bytes JMP 000000007ef74b27
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779efc80 5 bytes JMP 000000010016012a
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efcb0 5 bytes JMP 0000000100160bc2
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779efe14 5 bytes JMP 0000000100160048
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779efea8 5 bytes JMP 0000000100160594
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779eff24 5 bytes JMP 0000000100160e68
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779f0004 5 bytes JMP 0000000100160758
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779f0038 5 bytes JMP 0000000100160ca4
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779f0068 5 bytes JMP 0000000100160d86
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0084 5 bytes JMP 0000000100020050
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000779f02e8 5 bytes JMP 000000010016020c
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779f079c 5 bytes JMP 00000001001603d0
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f088c 5 bytes JMP 00000001001609fe
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f08a4 2 bytes JMP 000000010016091c
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000779f08a7 2 bytes [77, 88]
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0df4 5 bytes JMP 0000000100160676
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000779f15d4 5 bytes JMP 00000001001602ee
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779f1920 5 bytes JMP 000000010016083a
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1be4 5 bytes JMP 0000000100160ae0
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779f1d70 5 bytes JMP 00000001001604b2
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075731492 7 bytes JMP 00000001001b084c
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ed524f 7 bytes JMP 00000001001b02f4
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ed53d0 7 bytes JMP 00000001001b05a0
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ed5677 7 bytes JMP 00000001001b03d8
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ed589a 7 bytes JMP 00000001001b0048
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ed5a1d 7 bytes JMP 00000001001b0768
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ed5c9b 7 bytes JMP 00000001001b04bc
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ed5d87 7 bytes JMP 00000001001b0684
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ed7240 7 bytes JMP 00000001001b0210
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1700] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000757d4889 5 bytes JMP 000000007ef74bb0
.text C:\Windows\system32\taskhost.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\system32\Dwm.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\Explorer.EXE[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\system32\taskeng.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2292] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071ca1b41 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2292] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071ca1be8 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2292] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071ca1c20 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2292] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071ca1cd2 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2292] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071ca1cf2 2 bytes [CA, 71]
.text C:\Users\Philipp\AppData\Local\mbot_fr_145\upmbot_fr_145.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010066ef26
.text C:\Windows\System32\rundll32.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[3460] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010030ef26
.text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[2976] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 0000000100aeef26
.text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[2976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[2976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Windows\system32\conhost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\System32\hkcmd.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\System32\igfxpers.exe[5288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\system32\igfxsrvc.exe[5324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe[5356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[5428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[5452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\System32\rundll32.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\System32\TpShocks.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010353ef26
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071ef11a8 2 bytes [EF, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071ef13a8 2 bytes [EF, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071ef1422 2 bytes [EF, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071ef1498 2 bytes [EF, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071ca1b41 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071ca1be8 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071ca1c20 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071ca1cd2 2 bytes [CA, 71]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[5812] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071ca1cf2 2 bytes [CA, 71]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Windows\SysWOW64\msiexec.exe[3652] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779efc50 5 bytes JMP 000000007ef94b27
.text C:\Windows\SysWOW64\msiexec.exe[3652] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000757d4889 5 bytes JMP 000000007ef94bb0
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779f0068 5 bytes JMP 000000010009f988
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 0000000102c0ef26
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007703453c 5 bytes JMP 000000010009fb5b
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\USER32.dll!TranslateMessage 00000000756e7809 5 bytes JMP 0000000100096937
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075729f1d 5 bytes JMP 0000000100096ac1
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!closesocket 00000000757d3918 2 bytes JMP 0000000100098e89
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!closesocket + 3 00000000757d391b 2 bytes [8C, 8A]
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!WSASend 00000000757d4406 5 bytes JMP 0000000100098fc0
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!recv 00000000757d6b0e 5 bytes JMP 0000000100098f5a
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!send 00000000757d6f01 5 bytes JMP 0000000100098f0f
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\ws2_32.dll!WSARecv 00000000757d7089 5 bytes JMP 000000010009904f
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Windows\SysWOW64\explorer.exe[5556] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075c718b8 5 bytes JMP 0000000100081219
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010028ef26
.text C:\Program Files (x86)\USB Camera\VM331STI.EXE[5172] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 0000000101d4ef26
.text C:\Windows\SysWOW64\rundll32.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010017ef26
.text C:\Windows\system32\rundll32.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077841d80 5 bytes JMP 00000000779a0034
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6172] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 0000000100b4ef26
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779efc80 5 bytes JMP 00000001000f012a
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efcb0 5 bytes JMP 00000001000f0bc2
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779efe14 5 bytes JMP 00000001000f0048
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779efea8 5 bytes JMP 00000001000f0594
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779eff24 5 bytes JMP 00000001000f0e68
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779f0004 5 bytes JMP 00000001000f0758
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779f0038 5 bytes JMP 00000001000f0ca4
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779f0068 5 bytes JMP 00000001000f0d86
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0084 5 bytes JMP 0000000100020050
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000779f02e8 5 bytes JMP 00000001000f020c
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779f079c 5 bytes JMP 00000001000f03d0
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f088c 5 bytes JMP 00000001000f09fe
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f08a4 2 bytes JMP 00000001000f091c
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000779f08a7 2 bytes [70, 88]
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010296ef26
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0df4 5 bytes JMP 00000001000f0676
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000779f15d4 5 bytes JMP 00000001000f02ee
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779f1920 5 bytes JMP 00000001000f083a
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1be4 5 bytes JMP 00000001000f0ae0
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779f1d70 5 bytes JMP 00000001000f04b2
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\syswow64\user32.DLL!RecordShutdownReason + 882 0000000075731492 7 bytes JMP 000000010018092e
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ed524f 7 bytes JMP 00000001001802f4
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ed53d0 7 bytes JMP 00000001001805a0
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ed5677 7 bytes JMP 00000001001803d8
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ed589a 7 bytes JMP 0000000100180048
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ed5a1d 7 bytes JMP 0000000100180768
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ed5c9b 7 bytes JMP 00000001001804bc
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ed5d87 7 bytes JMP 0000000100180684
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ed7240 7 bytes JMP 0000000100180210
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 0000000105d6ef26
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 00000001004aef26
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[8800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Windows\SysWOW64\notepad.exe[8616] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 000000010019ef26
.text C:\Windows\SysWOW64\notepad.exe[8616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775c1465 2 bytes [5C, 77]
.text C:\Windows\SysWOW64\notepad.exe[8616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775c14bb 2 bytes [5C, 77]
.text ... * 2
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779efc80 5 bytes JMP 00000001002f012a
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779efcb0 5 bytes JMP 00000001002f0bc2
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779efe14 5 bytes JMP 00000001002f0048
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779efea8 5 bytes JMP 00000001002f0594
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779eff24 5 bytes JMP 00000001002f0e68
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779f0004 5 bytes JMP 00000001002f0758
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779f0038 5 bytes JMP 00000001002f0ca4
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000779f0068 5 bytes JMP 00000001002f0d86
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779f0084 5 bytes JMP 0000000100020050
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000779f02e8 5 bytes JMP 00000001002f020c
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779f079c 5 bytes JMP 00000001002f03d0
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779f088c 5 bytes JMP 00000001002f09fe
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779f08a4 2 bytes JMP 00000001002f091c
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000779f08a7 2 bytes [90, 88]
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000779f091c 5 bytes JMP 00000001001aef26
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779f0df4 5 bytes JMP 00000001002f0676
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000779f15d4 5 bytes JMP 00000001002f02ee
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779f1920 5 bytes JMP 00000001002f083a
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779f1be4 5 bytes JMP 00000001002f0ae0
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779f1d70 5 bytes JMP 00000001002f04b2
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\syswow64\user32.dll!RecordShutdownReason + 882 0000000075731492 7 bytes JMP 00000001002f0f4a
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000075ed524f 7 bytes JMP 00000001003004ba
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000075ed53d0 7 bytes JMP 0000000100300766
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075ed5677 7 bytes JMP 000000010030059e
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000075ed589a 7 bytes JMP 000000010030020e
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075ed5a1d 7 bytes JMP 000000010030092e
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075ed5c9b 7 bytes JMP 0000000100300682
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075ed5d87 7 bytes JMP 000000010030084a
.text C:\Users\Philipp\Downloads\Gmer-19357.exe[5704] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075ed7240 7 bytes JMP 00000001003003d6
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\taskhost.exe [1952:6972] 000000000202b600
Thread C:\Windows\system32\taskhost.exe [1952:5648] 000000000203374c
Thread C:\Windows\system32\taskhost.exe [1952:5656] 000000000204af0c
Thread C:\Windows\system32\taskhost.exe [1952:6488] 000000000202dfb4
Thread C:\Windows\system32\taskhost.exe [1952:6492] 000000000202dfb4
Thread C:\Windows\system32\taskhost.exe [1952:6860] 000000000205853c
Thread C:\Windows\system32\Dwm.exe [1988:6252] 0000000002d5b600
Thread C:\Windows\system32\Dwm.exe [1988:6428] 0000000002d8853c
Thread C:\Windows\Explorer.EXE [1904:6536] 000000001ea1b600
Thread C:\Windows\Explorer.EXE [1904:6560] 000000001ea2374c
Thread C:\Windows\Explorer.EXE [1904:6388] 000000001ea3af0c
Thread C:\Windows\Explorer.EXE [1904:5260] 000000001ea1dfb4
Thread C:\Windows\Explorer.EXE [1904:5256] 000000001ea1dfb4
Thread C:\Windows\Explorer.EXE [1904:5240] 000000001ea4853c
Thread C:\Windows\Explorer.EXE [1904:7412] 000000001ea711c8
Thread C:\Windows\system32\taskeng.exe [2052:6116] 000000000019b600
Thread C:\Windows\system32\taskeng.exe [2052:6480] 00000000001a374c
Thread C:\Windows\system32\taskeng.exe [2052:6484] 00000000001baf0c
Thread C:\Windows\system32\taskeng.exe [2052:4640] 000000000019dfb4
Thread C:\Windows\system32\taskeng.exe [2052:5672] 000000000019dfb4
Thread C:\Windows\system32\taskeng.exe [2052:5156] 00000000001c853c
Thread C:\Windows\System32\rundll32.exe [4144:6460] 00000000003db600
Thread C:\Windows\system32\conhost.exe [3048:6836] 000000000012b600
Thread C:\Windows\System32\rundll32.exe [5680:7180] 00000000028fb600
Thread C:\Windows\SysWOW64\msiexec.exe [3652:6852] 000000007ef952e3
Thread C:\Windows\SysWOW64\explorer.exe [5556:6060] 0000000000082848
Thread C:\Windows\SysWOW64\explorer.exe [5556:4432] 000000000008d0d1
Thread C:\Windows\SysWOW64\explorer.exe [5556:5352] 0000000000090f4a
Thread C:\Windows\SysWOW64\explorer.exe [5556:4592] 000000000009bfa9
Thread C:\Windows\SysWOW64\explorer.exe [5556:4672] 000000000009c86a
Thread C:\Windows\SysWOW64\explorer.exe [5556:5332] 0000000000093372
Thread C:\Windows\SysWOW64\explorer.exe [5556:5152] 0000000002bfe675
Thread C:\Windows\SysWOW64\rundll32.exe [6052:6600] 000000000016e675
Thread C:\Windows\system32\rundll32.exe [3536:7172] 000000000221b600
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4416:7896] 0000000075ed7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4416:6168] 000000005b877712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4416:7772] 0000000077a22e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4416:8772] 0000000077a23e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4416:7348] 0000000077a23e85
Thread C:\Windows\SysWOW64\notepad.exe [8616:1564] 000000000018e675
---- Processes - GMER 2.1 ----
Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1700] (WindowsProtectManger Service/Fuyu LIMITED)(2014-10-09 18:48:35) 0000000000280000
Process C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe (*** suspicious ***) @ C:\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe [6400](2014-10-10 00:14:20) 0000000000f90000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f81654dfef02
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f81654dfef02 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Danke! philipp |
|
13.10.2014, 16:49
| #6 |
| /// Malwareteam | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden Hi Schritt 1: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2: Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3: teile mir mit, ob die Werbung verschwunden ist nach den beiden Schritten. Schritt 4: erstelle ein neues FRST Logfile und poste es hier
__________________ --> Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden |
|
20.10.2014, 06:04
| #7 |
| /// Malwareteam | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen. |
|
21.10.2014, 19:22
| #8 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden hi, sorry, war im urlaub und konnte mich erts jetzt kümmern, also die beiden Scans hab ich gemacht: Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 19:19:02
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Philipp - PHILIPP-PC
# Gestartet von : C:\Users\Philipp\Downloads\AdwCleaner_4.001.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : webinstrNew
[#] Dienst Gelöscht : Update surf slide
[#] Dienst Gelöscht : Util surf slide
Dienst Gelöscht : {df7f363e-7587-4730-8cc5-ba707bc967f9}Gw64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\ConvertAd
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\LookThisUp
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\MyBestOffersToday
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Windows\Util
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files (x86)\RCP
Ordner Gelöscht : C:\Program Files (x86)\mbot_fr_145
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\mbot_fr_145
Ordner Gelöscht : C:\Program Files (x86)\Cinema-Plus-1.8cV09.10
Ordner Gelöscht : C:\Program Files (x86)\surf slide
Ordner Gelöscht : C:\Users\Philipp\AppData\Local\Temp\surf slide
Ordner Gelöscht : C:\Program Files (x86)\ver1BlockAndSurf
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\6cfae8cc4676442fa78d9dcdf@bd4ea874e76d4af1994ba.com
Datei Gelöscht : C:\Users\Philipp\Desktop\AnyProtect.lnk
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\aps.scan.quick.results
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\aps.scan.results
Datei Gelöscht : C:\Users\Philipp\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\\drivers\{df7f363e-7587-4730-8cc5-ba707bc967f9}Gw64.sys
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Datei Gelöscht : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\user.js
***** [ Tasks ] *****
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : BlockAndSurf Update
Task Gelöscht : 582bcf3e-0479-4ecd-a2ab-f7d0076f474e
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-1
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-11
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-2
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-3
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-4
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-5
Task Gelöscht : becff530-de66-46db-aa96-7cd7d7d8c0ab-5_user
Task Gelöscht : ee0a2b99-d86d-44a9-852d-f3558451f7eb
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Philipp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Philipp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Philipp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{065AE54A-C4EC-DDF1-946A-2A571D1C6A41}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_fr_145]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update surf slide
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util surf slide
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644324485}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622322285}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655325585}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666326685}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F59D25FA-2F64-3A12-5FA1-C1D75902F0ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Windows\system32\taskhost.exe]
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Windows\system32\taskhostex.exe]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\LookThisUp
Schlüssel Gelöscht : HKCU\Software\surf slide
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BlockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Cinema-Plus-1.8cV09.10
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Cinema-Plus-1.8cV09.10
Schlüssel Gelöscht : HKLM\SOFTWARE\surf slide
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0B81ECB6-31F6-4314-2155-D69C67D339E7
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cinema-Plus-1.8cV09.10
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\surf slide
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v32.0.3 (x86 de)
*************************
AdwCleaner[R0].txt - [22245 octets] - [21/10/2014 19:17:01]
AdwCleaner[S0].txt - [19899 octets] - [21/10/2014 19:19:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19960 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by Philipp on 21.10.2014 at 19:27:16,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\convertad
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611321185}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611321185}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\jh0rqjqg.default\prefs.js
user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.cookie.previous_page.value", "%22hxxps%3A//de.search.yahoo.com/yhs/search%3Fhspart%3DElex%2
user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22a
user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5
user_pref("extensions.crossrider.bic", "148fffbc9d888d96e85b5844b85d0152");
Emptied folder: C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\jh0rqjqg.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2014 at 19:29:37,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
21.10.2014, 19:26
| #9 | |
| /// Malwareteam | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloadenZitat:
Schritt 1: Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 2: Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3: ESET Online Scanner
Schritt 4: erstelle ein neues FRST Logfile und poste es hier |
|
21.10.2014, 19:29
| #10 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden und hier nochmal FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Philipp (administrator) on PHILIPP-PC on 21-10-2014 20:23:40
Running from C:\Users\Philipp\Downloads
Loaded Profile: Philipp (Available profiles: Philipp)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [901216 2013-04-29] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-30] (Lenovo Group Limited)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-07-02] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\MountPoints2: {1d1435dc-45ad-11e4-90ad-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKLM-x32 - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKCU - {398582D3-F98D-4564-9A62-DB66295FD89E} URL =
BHO: Cinema-Plus-1.8cV09.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho64.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ixquickde-https.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\abs@avira.com [2014-10-10]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\donottrackplus@abine.com [2014-10-11]
FF Extension: organizesearchenginesmaltekrausde - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\organize-search-engines@maltekraus.de [2014-10-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-10-11]
FF Extension: Cliqz Beta - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\cliqz@cliqz.com.xpi [2014-10-12]
FF Extension: Speed Dial - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-10-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-10-09]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-09]
FF Extension: surf slide - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{df7f363e-7587-4730-8cc5-ba707bc967f9}.xpi [2014-10-09]
FF Extension: Adblock Edge - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-10-21]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\extensions\cliqz@cliqz.com
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-07-02] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-30] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-22] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-12] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2014-05-06] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-08] (Synaptics Incorporated)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-08] (Symantec Corporation)
S3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-10-08] (Symantec Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [56048 2013-07-02] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141008.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\ENG64.SYS [129752 2014-10-08] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\EX64.SYS [2137304 2014-10-08] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1070080 2013-12-31] (Vimicro Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 20:23 - 2014-10-21 20:23 - 00000000 ____D () C:\Users\Philipp\Downloads\FRST-OlderVersion
2014-10-21 19:29 - 2014-10-21 19:29 - 00001912 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-10-21 19:27 - 2014-10-21 19:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-21 19:15 - 2014-10-21 19:15 - 01705698 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-10-21 19:10 - 2014-10-21 19:19 - 00000000 ____D () C:\AdwCleaner
2014-10-21 19:09 - 2014-10-21 19:09 - 01962496 _____ () C:\Users\Philipp\Downloads\AdwCleaner_4.001.exe
2014-10-21 19:09 - 2014-10-21 19:08 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-12 20:05 - 2014-10-12 20:05 - 00030128 _____ () C:\Users\Philipp\Downloads\logfiles.7z
2014-10-12 20:04 - 2014-10-12 20:05 - 00030128 _____ () C:\Users\Philipp\Downloads\Downloads.7z
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-10-12 19:23 - 2014-10-12 19:23 - 01098088 _____ () C:\Windows\Minidump\101214-25131-01.dmp
2014-10-12 19:23 - 2014-10-12 19:23 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 19:22 - 2014-10-12 19:22 - 787588699 _____ () C:\Windows\MEMORY.DMP
2014-10-12 18:54 - 2014-10-12 18:54 - 00057539 _____ () C:\Users\Philipp\Downloads\gmer.log
2014-10-12 18:38 - 2014-10-12 18:38 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-10-12 18:34 - 2014-10-12 18:35 - 00037232 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-10-12 18:32 - 2014-10-21 20:23 - 00024554 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-10-12 18:32 - 2014-10-21 20:23 - 00000000 ____D () C:\FRST
2014-10-12 18:29 - 2014-10-21 20:23 - 02110976 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-10-12 18:29 - 2014-10-12 18:29 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-10-12 18:29 - 2014-10-12 18:29 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-10-12 18:28 - 2014-10-12 18:28 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-10-11 18:12 - 2014-10-11 17:53 - 00000825 _____ () C:\Users\Philipp\Documents\indexfile.txt
2014-10-11 18:11 - 2014-10-11 18:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-11 18:11 - 2014-10-11 18:11 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00001034 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-10-11 18:05 - 2014-10-11 18:05 - 01125200 _____ () C:\Users\Philipp\Downloads\MozBackup - CHIP-Installer.exe
2014-10-11 17:57 - 2014-10-11 17:57 - 01055936 _____ (Adobe) C:\Users\Philipp\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-10-11 17:40 - 2014-10-21 19:06 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avaxv
2014-10-11 17:40 - 2014-10-13 17:04 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malaon
2014-10-11 17:38 - 2014-10-12 20:08 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-10-11 17:38 - 2014-10-11 17:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apps\2.0
2014-10-10 10:42 - 2014-10-10 10:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-10 10:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-10 10:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-10 10:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-10 10:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-10 10:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-10 10:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-10 10:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-10 10:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-10 10:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-10 10:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-10 10:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-10 10:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-10 10:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-10 10:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-10 10:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-10 10:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-10 10:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-10 10:02 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-10-10 09:46 - 2014-10-10 09:46 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avira
2014-10-10 09:41 - 2014-10-21 19:07 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-10-10 09:40 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-10 09:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-10 09:38 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-10 09:34 - 2014-10-10 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\ProgramData\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 09:34 - 2014-10-10 09:34 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-10 09:33 - 2014-10-10 09:33 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philipp\Downloads\avira_de_av_4464542853__ws.exe
2014-10-10 09:29 - 2014-10-10 09:29 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nsyF9FA.tmp
2014-10-10 09:28 - 2014-10-10 09:28 - 00056504 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-10 09:28 - 2014-10-10 09:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-10 09:27 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-10 09:27 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-10 09:27 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-10 09:27 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-10 09:27 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-09 20:55 - 2014-10-09 20:55 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2014-10-09 20:54 - 2014-10-09 20:54 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nszB6F3.tmp
2014-10-09 20:54 - 2014-10-09 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\ap_movie
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Users\Philipp\Documents\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:46 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-09 20:44 - 2014-09-23 09:43 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-10-09 20:44 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-10-09 20:44 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-10-09 20:39 - 2014-10-21 19:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-10-09 20:39 - 2014-10-09 20:39 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-09 20:38 - 2014-10-10 09:25 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\BatteryBar
2014-10-09 20:38 - 2014-10-09 20:38 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Macromedia
2014-10-09 20:36 - 2014-10-21 20:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 20:36 - 2014-10-11 18:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 20:36 - 2014-10-11 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 20:36 - 2014-10-11 18:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-09 20:36 - 2014-10-10 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 20:36 - 2014-10-10 09:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Google
2014-10-09 20:36 - 2014-10-09 20:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-09 20:35 - 2014-10-11 18:03 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe
2014-10-09 20:35 - 2014-10-09 20:35 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-09 20:32 - 2014-10-09 20:32 - 00000000 _____ () C:\Users\Philipp\Downloads\FileOpenerSetup.exe
2014-10-09 20:27 - 2014-10-09 20:28 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 20:27 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 20:24 - 2014-10-09 20:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-09 20:23 - 2014-10-09 20:30 - 912748031 _____ () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014.zip
2014-10-09 20:23 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-10-09 20:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-09 20:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-09 20:21 - 2014-10-09 20:22 - 80521624 _____ (Apple Inc.) C:\Users\Philipp\Downloads\iTunes64Setup.exe
2014-10-09 20:18 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-09 20:18 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-09 20:16 - 2014-10-09 20:16 - 01511848 _____ () C:\Users\Philipp\AppData\Roaming\VKXWEWD.exe
2014-10-09 20:15 - 2014-10-09 20:15 - 01981864 _____ () C:\Users\Philipp\AppData\Roaming\BQXUP.exe
2014-10-09 20:14 - 2014-10-09 20:14 - 111992144 _____ (Apple Inc.) C:\Users\Philipp\Desktop\iTunesSetup.exe
2014-10-09 20:13 - 2014-10-09 20:13 - 01125200 _____ () C:\Users\Philipp\Downloads\CHIP Online Notebook Starter Kit 2014 - CHIP-Installer.exe
2014-10-09 20:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-09 20:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-09 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-09 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-09 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-09 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-09 20:11 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-10-09 20:11 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-10-09 20:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-09 20:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-09 20:10 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-09 20:10 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-09 20:10 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-09 20:10 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-09 20:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-09 20:10 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-09 20:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-09 20:09 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-09 20:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-09 20:09 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-09 20:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-09 20:08 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-09 20:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-09 20:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-09 20:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-09 20:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-09 20:03 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-09 20:03 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-09 20:03 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-09 20:03 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-09 20:03 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-09 20:03 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-10-09 20:02 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-09 20:02 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-09 20:01 - 2014-10-09 20:01 - 00551680 _____ (proprius habeo) C:\Users\Philipp\Downloads\iTunes.exe
2014-10-09 19:58 - 2014-10-21 19:19 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-21 19:19 - 00001056 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Mozilla
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3.exe
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3 (1).exe
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-09 19:54 - 2014-10-09 19:55 - 30503712 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_24.0.1558.64_Setup.exe
2014-10-09 19:52 - 2014-10-09 19:52 - 00000000 ____D () C:\Users\Philipp\AppData\Local\IsolatedStorage
2014-10-09 19:51 - 2014-10-09 19:51 - 00000000 ____D () C:\Users\Philipp\AppData\Local\GestureControl
2014-10-09 18:23 - 2014-10-09 18:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\LSC
2014-10-09 09:30 - 2014-10-21 19:19 - 00124696 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-08 18:17 - 2014-10-08 18:17 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\PwrMgr
2014-10-08 18:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-08 17:50 - 2014-10-08 17:50 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-08 17:50 - 2014-10-08 17:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-10-08 17:02 - 2014-10-09 20:27 - 00060056 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-08 17:02 - 2014-10-08 17:50 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Lenovo
2014-10-08 17:01 - 2014-10-21 19:19 - 00001010 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\Documents\Meine empfangenen Dateien
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Leadertech
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Adobe
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\VirtualStore
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Downloaded Installations
2014-10-08 17:00 - 2014-10-12 18:29 - 00000000 ____D () C:\Users\Philipp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000895 _____ () C:\Users\Public\Desktop\Installieren Sie Ihre zusõtzlichen Anwendungen.lnk
2014-10-08 17:00 - 2014-10-08 17:00 - 00000020 ___SH () C:\Users\Philipp\ntuser.ini
2014-10-08 17:00 - 2014-10-08 17:00 - 00000010 _____ () C:\Windows\getvol.scp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Vorlagen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Startmenü
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Netzwerkumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Lokale Einstellungen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Eigene Dateien
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Druckumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Musik
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Bilder
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Verlauf
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Intel
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _____ () C:\Windows\firstboot.dat
2014-10-08 17:00 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-08 17:00 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Macromedia
2014-10-08 17:00 - 2009-08-25 05:18 - 01067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-08 17:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-08 17:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieUserList
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieSiteList
2014-10-08 16:04 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-08 16:04 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-08 16:04 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-08 16:04 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-08 16:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-08 16:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-26 21:22 - 2014-09-26 21:22 - 00003864 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2014-09-26 21:22 - 2014-09-26 21:22 - 00003616 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2014-09-26 21:21 - 2014-09-26 21:21 - 00002033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_usb3Hub_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Program Files\Intel Corporation
2014-09-26 21:19 - 2014-09-26 21:19 - 00001991 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Users\Public\Symantec
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\SymSilent
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-26 21:19 - 2013-07-19 00:47 - 00002040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PC Experience.lnk
2014-09-26 21:18 - 2014-10-10 09:22 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-26 21:18 - 2014-09-26 21:18 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-26 21:18 - 2014-09-26 21:18 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-26 21:18 - 2014-09-26 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-26 21:17 - 2014-10-08 17:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-26 21:17 - 2014-09-26 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00001943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-26 21:16 - 2014-05-16 03:38 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-09-26 21:16 - 2014-05-16 03:38 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-09-26 21:15 - 2014-09-26 21:15 - 00000143 _____ () C:\Windows\eyesight1.cmd
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gesture Control
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\eyeSight
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\Program Files (x86)\eyeSight
2014-09-26 21:15 - 2013-07-17 09:41 - 00001345 _____ () C:\Windows\eyesight1.lnk
2014-09-26 21:15 - 2010-03-03 18:54 - 00001423 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free Skype voice and video calls.lnk
2014-09-26 21:13 - 2014-10-21 19:21 - 00000000 ____D () C:\ProgramData\Validity
2014-09-26 21:13 - 2014-10-08 18:17 - 629145600 ___SH () C:\Windows\lenovo_fastboot.img
2014-09-26 21:13 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-09-26 21:13 - 2014-09-26 21:15 - 00196608 _____ () C:\Windows\ocsetup_install_OEMHelpCustomization.etl
2014-09-26 21:13 - 2014-09-26 21:14 - 00028728 _____ () C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files\Synaptics Incorporated
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files (x86)\Lenovo Registration
2014-09-26 21:13 - 2013-07-02 08:33 - 00056048 ____N (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Fastboot.sys
2014-09-26 21:13 - 2013-06-26 11:54 - 00002254 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Evernote Installer.lnk
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-26 21:12 - 2014-10-09 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-09-26 21:12 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Reader
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Public\Lenovo
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-26 21:11 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-26 21:11 - 2014-09-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-26 21:11 - 2014-09-26 21:11 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-09-26 21:11 - 2014-09-26 21:11 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-09-26 21:10 - 2014-09-26 21:19 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-09-26 21:10 - 2014-09-26 21:10 - 00015396 _____ () C:\Windows\system32\results.xml
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files\ThinkPad
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files (x86)\ThinkPad
2014-09-26 21:10 - 2014-06-24 00:05 - 02853664 _____ (Lenovo Group Limited) C:\Windows\system32\PWMCP64V.cpl
2014-09-26 21:10 - 2014-06-24 00:05 - 02692896 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2014-09-26 21:10 - 2014-06-24 00:05 - 00020736 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR64V.SYS
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-09-26 21:06 - 2013-05-16 05:18 - 00004656 _____ () C:\Windows\system32\Drivers\SamSfPa.dat
2014-09-26 21:06 - 2012-12-03 19:27 - 00202400 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2014-09-26 21:06 - 2011-09-01 09:23 - 00447104 _____ (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
2014-09-26 21:05 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files\CONEXANT
2014-09-26 21:05 - 2014-09-26 21:05 - 00000000 ____D () C:\ProgramData\Conexant
2014-09-26 21:05 - 2013-05-15 09:27 - 00406208 _____ (Conexant Systems, Inc.) C:\Windows\system32\CSpkExt64.dll
2014-09-26 21:05 - 2013-05-14 09:43 - 01684184 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64.sys
2014-09-26 21:05 - 2013-04-18 10:02 - 01788000 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64AP83.dll
2014-09-26 21:05 - 2013-02-08 23:02 - 02817632 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A35.DLL
2014-09-26 21:05 - 2013-01-25 07:57 - 02730016 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-09-26 21:05 - 2012-08-31 13:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2014-09-26 21:05 - 2012-06-29 07:04 - 00050848 _____ (Conexant Systems Inc.) C:\Windows\system32\CxPageMaster64.dll
2014-09-26 21:05 - 2012-01-16 04:42 - 00666240 _____ (Conexant Systems, Inc.) C:\Windows\system32\C3DHPExt64.dll
2014-09-26 21:05 - 2011-01-18 02:35 - 00030893 _____ () C:\Windows\system32\Drivers\Mixer.ini
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-26 21:03 - 2014-10-10 09:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Vimicro
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\USB Camera
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\vm331Rmv.ini
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\SysWOW64\vm331Rmv.ini
2014-09-26 21:02 - 2013-12-31 04:20 - 01070080 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2014-09-26 21:02 - 2013-12-27 10:12 - 00358912 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2014-09-26 21:02 - 2013-05-08 09:35 - 00408136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2014-09-26 21:02 - 2013-04-25 12:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPerIcon.dll
2014-09-26 21:02 - 2013-01-17 08:33 - 01078272 _____ () C:\Windows\system32\331prx64.ax
2014-09-26 21:02 - 2013-01-17 08:33 - 00667648 _____ () C:\Windows\SysWOW64\vmprp331.ax
2014-09-26 21:02 - 2010-06-30 11:38 - 00000356 _____ () C:\Windows\system\vm331avs.rsf
2014-09-26 21:01 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-26 21:01 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-26 21:01 - 2014-09-26 21:01 - 00001346 _____ () C:\Windows\Synaptics.log
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-09-26 21:01 - 2014-04-07 06:01 - 00745712 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00554224 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-09-26 21:01 - 2014-04-07 06:01 - 00405232 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00254704 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00208112 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-09-26 21:01 - 2014-01-07 07:20 - 00001741 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk
2014-09-26 21:01 - 2013-03-27 09:51 - 00842312 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-26 21:01 - 2013-03-27 09:51 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-09-26 21:01 - 2013-03-27 09:51 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-26 21:00 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\Lenovo USB Graphics
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-09-26 20:59 - 2014-10-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-09-26 20:59 - 2014-09-26 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-26 20:59 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-09-26 20:59 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-09-26 20:58 - 2014-10-08 17:01 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_S3-S440_20AYCTO1WW.MRK
2014-09-26 20:58 - 2014-09-26 20:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-09-26 20:58 - 2014-01-08 00:53 - 25971712 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21658624 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21007360 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 20954112 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19950592 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19202560 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 09081856 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07944704 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07596504 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 06280704 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04472320 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04220416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-09-26 20:58 - 2014-01-08 00:53 - 03556864 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 03207680 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02881536 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa
2014-09-26 20:58 - 2014-01-08 00:53 - 02384896 _____ () C:\Windows\system32\GfxRes.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02065920 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01815040 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01127424 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01123328 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00906200 _____ (Intel Corporation) C:\Windows\system32\igfxstarter.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00845272 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00771544 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00770520 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00755160 _____ (Intel Corporation) C:\Windows\system32\GfxUIHotKeyMenu.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00729088 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00624640 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00548864 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00530904 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00527872 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00522240 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00521728 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00517632 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00516096 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00514048 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00513536 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00493056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00397784 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00396760 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00391128 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00371200 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00347648 _____ () C:\Windows\system32\igdmd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00346624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00290816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00280064 _____ () C:\Windows\SysWOW64\igdmd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00279040 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-09-26 20:58 - 2014-01-08 00:53 - 00279000 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00267407 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00253466 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00243712 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00235401 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00224256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00222208 _____ () C:\Windows\system32\igdde64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00214528 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00201128 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00198725 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00194560 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00192758 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3383.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00182272 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00180936 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00180850 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00179712 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00178473 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178290 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178123 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00176838 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175862 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175571 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175067 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174802 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174269 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173792 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173276 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173059 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172833 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172554 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00171691 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00168215 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166833 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166220 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00163328 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00161534 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00160256 _____ () C:\Windows\system32\igdail64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00155136 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00154805 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00153048 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00152993 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00137728 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00133120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00066560 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00029696 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00025600 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00012288 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00002940 _____ () C:\Windows\system32\iglhxs64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp
2014-09-26 20:58 - 2013-12-30 23:06 - 00450520 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00790000 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00368624 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2014-09-26 20:58 - 2013-10-21 04:25 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-09-26 20:58 - 2013-02-27 09:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-09-26 20:55 - 2014-10-08 17:51 - 00000000 ____D () C:\ProgramData\Intel
2014-09-26 20:55 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Intel
2014-09-26 20:55 - 2014-09-26 20:57 - 00075099 _____ () C:\Windows\winredism.log
2014-09-26 20:55 - 2013-05-21 19:45 - 00008192 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-09-26 20:54 - 2014-09-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-26 20:54 - 2014-09-26 20:58 - 00000000 ____D () C:\Intel
2014-09-26 20:54 - 2014-09-26 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-09-26 20:54 - 2013-05-08 22:23 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-09-26 20:54 - 2013-05-08 22:23 - 00099800 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\MLPS
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\DIFX
2014-09-26 20:52 - 2014-09-26 21:04 - 00032216 _____ () C:\Windows\DPINST.LOG
2014-09-26 20:51 - 2014-09-26 20:51 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-09-26 20:50 - 2014-09-26 20:50 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-09-26 20:48 - 2014-10-11 17:40 - 02094734 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 20:45 - 2014-09-26 20:45 - 00000000 ____D () C:\Windows\CSC
2014-09-26 20:42 - 2014-09-26 20:42 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-26 20:41 - 2014-09-26 20:41 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-26 20:38 - 2014-09-26 20:38 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINASA.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2014-09-26 20:37 - 2014-09-26 20:37 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-09-26 20:37 - 2014-09-26 20:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-09-26 20:37 - 2014-09-26 20:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
|
|
21.10.2014, 19:29
| #11 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden und 2. teil Code:
ATTFilter 2014-09-26 20:37 - 2014-09-26 20:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-09-26 20:36 - 2014-09-26 20:37 - 00404551 _____ () C:\Windows\KB2685813.log
2014-09-26 20:36 - 2014-09-26 20:36 - 00393930 _____ () C:\Windows\KB2685811.log
2014-09-26 20:30 - 2014-09-26 20:30 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-26 20:30 - 2014-09-26 20:30 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-09-26 20:29 - 2014-09-26 20:29 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-26 20:29 - 2014-09-26 20:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-09-26 20:24 - 2014-09-26 20:25 - 00341673 _____ () C:\Windows\NL-NL_IE11.log
2014-09-26 20:22 - 2014-09-26 20:23 - 00341951 _____ () C:\Windows\IT-IT_IE11.log
2014-09-26 20:21 - 2014-09-26 20:22 - 00341456 _____ () C:\Windows\fr-FR_IE11.log
2014-09-26 20:20 - 2014-09-26 20:21 - 00341693 _____ () C:\Windows\DE-DE_IE11.log
2014-09-26 20:19 - 2014-09-26 20:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-26 20:18 - 2014-09-26 20:20 - 02003137 _____ () C:\Windows\EN_IE11.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00411553 _____ () C:\Windows\KB2888049.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-09-26 20:18 - 2014-09-26 20:18 - 00248921 _____ () C:\Windows\KB2882822.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-09-26 20:17 - 2014-09-26 20:18 - 00078862 _____ () C:\Windows\KB2834140-V2.log
2014-09-26 20:17 - 2014-09-26 20:17 - 00059787 _____ () C:\Windows\KB2786081.log
2014-09-26 20:16 - 2014-09-26 20:17 - 02229591 _____ () C:\Windows\KB2731771.log
2014-09-26 20:16 - 2014-09-26 20:16 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00122102 _____ () C:\Windows\KB2729094-V2.log
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:15 - 2014-09-26 20:16 - 02342669 _____ () C:\Windows\KB2670838.log
2014-09-26 20:15 - 2014-09-26 20:15 - 01073616 _____ () C:\Windows\KB2533623.log
2014-09-26 20:14 - 2014-10-21 20:19 - 00735300 _____ () C:\Windows\system32\perfh013.dat
2014-09-26 20:14 - 2014-10-21 20:19 - 00152968 _____ () C:\Windows\system32\perfc013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00341322 _____ () C:\Windows\system32\perfi013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00043068 _____ () C:\Windows\system32\perfd013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\0413
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\0413
2014-09-26 20:09 - 2014-10-21 20:19 - 00731848 _____ () C:\Windows\system32\perfh010.dat
2014-09-26 20:09 - 2014-10-21 20:19 - 00146712 _____ () C:\Windows\system32\perfc010.dat
2014-09-26 20:09 - 2014-09-26 20:15 - 37148880 _____ () C:\Windows\nl-NL.log
2014-09-26 20:09 - 2014-09-26 20:08 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-09-26 20:09 - 2014-09-26 20:08 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\0410
2014-09-26 20:03 - 2014-10-21 20:19 - 00737518 _____ () C:\Windows\system32\perfh00C.dat
2014-09-26 20:03 - 2014-10-21 20:19 - 00149446 _____ () C:\Windows\system32\perfc00C.dat
2014-09-26 20:03 - 2014-09-26 20:09 - 37132632 _____ () C:\Windows\it-it.log
2014-09-26 20:03 - 2014-09-26 20:03 - 00344522 _____ () C:\Windows\system32\perfi00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00038160 _____ () C:\Windows\system32\perfd00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\040C
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\040C
2014-09-26 19:58 - 2014-10-21 20:19 - 00699340 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 19:58 - 2014-10-21 20:19 - 00149448 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 19:58 - 2014-09-26 20:03 - 37132092 _____ () C:\Windows\fr-fr.log
2014-09-26 19:58 - 2014-09-26 19:57 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-09-26 19:58 - 2014-09-26 19:57 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-09-26 19:57 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\0407
2014-09-26 19:52 - 2014-09-26 19:58 - 37121864 _____ () C:\Windows\de-de.log
2014-09-26 19:51 - 2013-11-07 12:46 - 00066856 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00060712 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00054528 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-09-26 19:51 - 2013-11-07 12:46 - 00040232 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-09-26 19:51 - 2013-04-30 02:03 - 00679920 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2014-09-26 19:51 - 2013-04-30 02:03 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2014-09-26 19:51 - 2011-03-25 02:58 - 00001271 _____ () C:\Windows\MFGCLEAN.CMD
2014-09-26 19:51 - 2007-09-19 12:41 - 00004096 _____ () C:\Windows\system32\Thumbs.db
2014-09-26 03:40 - 2014-09-26 03:40 - 00000000 ____D () C:\mfg
2014-09-26 03:17 - 2014-10-08 16:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-26 03:15 - 2012-12-10 02:46 - 00000012 _____ () C:\Windows\CSUP.TXT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 20:19 - 2009-07-14 07:13 - 04271558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 19:31 - 2009-07-14 06:51 - 00047625 _____ () C:\Windows\setupact.log
2014-10-21 19:29 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 19:29 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 19:21 - 2010-11-21 05:47 - 00142534 _____ () C:\Windows\PFRO.log
2014-10-21 19:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 10:47 - 2009-07-14 06:45 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:43 - 2014-02-03 16:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-10 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-10 10:34 - 2014-01-30 23:46 - 04183916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-10 09:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-09 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-08 17:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-08 17:03 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\Windows\Panther
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\SWTOOLS
2014-10-08 16:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 21:22 - 2009-07-14 06:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2014-09-26 21:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-26 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-26 21:13 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioDatabase
2014-09-26 21:10 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-09-26 21:09 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 21:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-26 21:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-09-26 20:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-09-26 20:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-26 20:50 - 2014-01-30 21:50 - 00003652 _____ () C:\Windows\TSSysprep.log
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-09-26 20:14 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-26 19:51 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-26 03:15 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
Files to move or delete:
====================
C:\ProgramData\msklapag.exe
Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
C:\Users\Philipp\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Philipp\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Philipp\AppData\Local\Temp\obupdat.exe
C:\Users\Philipp\AppData\Local\Temp\qCCu1.exe
C:\Users\Philipp\AppData\Local\Temp\Quarantine.exe
C:\Users\Philipp\AppData\Local\Temp\sqlite3.dll
C:\Users\Philipp\AppData\Local\Temp\zaaU1.dll
C:\Users\Philipp\AppData\Local\Temp\zaaU1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-01-30 21:48
==================== End Of Log ============================
|
|
21.10.2014, 19:50
| #12 |
| /// Malwareteam | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden bekomm ich die anderen angeforderten Logfiles noch? |
|
21.10.2014, 21:35
| #13 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloadenCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.10.2014 Suchlauf-Zeit: 20:48:11 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.21.09 Rootkit Datenbank: v2014.10.20.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Philipp Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 311193 Verstrichene Zeit: 15 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.CinemaPlus, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-Plus-1.8cV09.10, Löschen bei Neustart, [0f4eb661a1db4ee8da0aea3d29da16ea], PUP.Optional.FastStart.A, HKU\S-1-5-21-1145738533-22672879-546596692-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Löschen bei Neustart, [a3baea2dd0acd2643ce7be64e1224fb1], Registrierungswerte: 1 PUP.Optional.FastStart.A, HKU\S-1-5-21-1145738533-22672879-546596692-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [a3baea2dd0acd2643ce7be64e1224fb1] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 2 Spyware.Password, C:\ProgramData\msklapag.exe, In Quarantäne, [6feec156d3a96ec845b29042ad54d32d], PUP.Optional.Solimba, C:\Users\Philipp\Downloads\iTunes.exe, In Quarantäne, [a5b87d9af98370c64751e7ea46bbe719], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ef519c68d293804ea405a1710ab855ef
# engine=20711
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-21 08:24:30
# local_time=2014-10-21 10:24:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 10987 2367610 0 0
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 997290 176519655 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2167816 165552920 0 0
# scanned=217601
# found=40
# cleaned=0
# scan_time=3766
sh=8987148BCD34118DCD4F4B804832EBD6D1E9C8EB ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\prefs_21_10_2014_19_19_23.js"
sh=216382B557BE0EEDFF4409ABF56F5121269F633D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\4e43efc6-7800-45b6-b4fe-e59f6e133573.crx.vir"
sh=6D67A0E6853718E5D055A13007F188F98910162E ft=1 fh=cbf8662043c79601 vn="Variante von Win32/Toolbar.CrossRider.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\582bcf3e-0479-4ecd-a2ab-f7d0076f474e.exe.vir"
sh=4E29D5D6EE9E5D89911172D0C630991802BBF1A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\7351c70c-a94e-4808-9e43-ddeeb2b401c6.crx.vir"
sh=660BB24FC1C0B8186BDED7A9B465AFF218F57A08 ft=1 fh=038dcdddd6d96f1d vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-11.exe.vir"
sh=6EBF1017EAC2A0B71741FB239C12577128ACD0EF ft=1 fh=11bc445cb49e3796 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-2.exe.vir"
sh=660BB24FC1C0B8186BDED7A9B465AFF218F57A08 ft=1 fh=038dcdddd6d96f1d vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-3.exe.vir"
sh=EAD28A6ECD2C2337953BFB695216CF6A4A23E0D1 ft=1 fh=e91695bee99152ae vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-4.exe.vir"
sh=09A30D0E7D28074FFD7301E88527C62366425E7E ft=1 fh=1a728031137e1eff vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab-5.exe.vir"
sh=216382B557BE0EEDFF4409ABF56F5121269F633D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab.crx.vir"
sh=58A942F26EDD785B37E640CBF725809D3AFCFA04 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\becff530-de66-46db-aa96-7cd7d7d8c0ab.xpi.vir"
sh=9D7EFF89A85BF78E8B1C0482FB7AB0C8DC962B73 ft=1 fh=1dc3d9f245075ed3 vn="Variante von Win64/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho64.dll.vir"
sh=4858532A13C839AEEE394722B7CDF70DEEC34FB6 ft=1 fh=c219673d1f2b3353 vn="Variante von Win32/Toolbar.CrossRider.AY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-codedownloader.exe.vir"
sh=81158EDC3F4E31D1C54F0E9FFC4043C623600E7A ft=1 fh=77aaeedc44977074 vn="Variante von Win32/Toolbar.CrossRider.AW evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\Uninstall.exe.vir"
sh=217E1397C7F4CB24E8285D0BE1206671485C671C ft=1 fh=71ffee551727a767 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Cinema-Plus-1.8cV09.10\utils.exe.vir"
sh=6DF08E4DF85CCA813402775C1FB6F8F5DF61FD02 ft=1 fh=1ddb9ce3b8ff035b vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_fr_145\mbot_fr_145.exe.vir"
sh=86C897B1372AF5C98C8A5E0D14A22DAD6F3D8B71 ft=1 fh=c12862a3cb3e33bf vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_fr_145\mybestofferstoday_widget.exe.vir"
sh=FA0554030BC650892CEB931E3A2C05D7719FDF14 ft=1 fh=91264935b1b8ea1a vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RCP\RCPUninstall.exe.vir"
sh=0B35CAD1794A5BC9B291979DA38846B5A762C739 ft=1 fh=334c505ae47f7888 vn="Win32/Systweak.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RCP\systweakasp.exe.vir"
sh=A6153F26B41EF7DE8929AAE7E9C068ED025897D3 ft=1 fh=d1940b96d2e05c2f vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\df7f363e758747308cc5.dll.vir"
sh=8B4C08E751DE5D41D9974F3D2AB3A6E8CF0667EA ft=1 fh=177ef19cecb528fe vn="Win64/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\df7f363e758747308cc564.dll.vir"
sh=B09F909AC6B9272E6754A0D4460B106789468147 ft=1 fh=92b89d148a805127 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\surfslide.BrowserAdapter.exe.vir"
sh=7A8E3FD61C05D4F72ABC86133FE54DACA4E414BF ft=1 fh=a1ffb9df9dab0682 vn="Win64/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\surfslide.BrowserAdapter64.exe.vir"
sh=6D95724F7A65D8B3AFA54B5DD35B5A8777191733 ft=1 fh=668ec0f5abc7ae06 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\{df7f363e-7587-4730-8cc5-ba707bc967f9}.dll.vir"
sh=3550E4C2CB20242A8DE4A32AA1E5F3377934D612 ft=1 fh=3e2243e646035f74 vn="Win64/BrowseFox.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf slide\bin\{df7f363e-7587-4730-8cc5-ba707bc967f9}64.dll.vir"
sh=3C752A652810FAD17E63230280C34D310AD719A1 ft=1 fh=c71c0011566e23ef vn="Variante von Win32/AdWare.AddLyrics.BV Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1BlockAndSurf\180.dll.vir"
sh=2C1C61B1476C6BEF36AA476C3E7B308FAFA45880 ft=1 fh=c71c0011b0cac4d1 vn="Variante von Win32/AdWare.AddLyrics.BP Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe.vir"
sh=922629450117F924B954EDB62C26EF7FF58893EF ft=1 fh=c71c0011fef23482 vn="Variante von Win32/AdWare.AddLyrics.BS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1BlockAndSurf\l6BlockAndSurfp84.exe.vir"
sh=DC6B3BBE5664E79311F6F0FDE3EDC064EFFD1B69 ft=1 fh=87f12f8d06182dbd vn="Variante von Win32/AdWare.AddLyrics.CB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver1BlockAndSurf\Uninstall.exe.vir"
sh=D60F9D365A397D85AB58BD8DEBC2EFCB72686727 ft=1 fh=c71c0011f3b7a6de vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=0612F3DF2BD635BA7E21AF5DA00B4104642BC910 ft=1 fh=c71c00119a9cb0f1 vn="Variante von Win32/AdWare.ConvertAd.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Philipp\AppData\Local\ConvertAd\ConvertAd.exe.vir"
sh=3DD99CE62F9D4ABC4F521A672B346CEC13527230 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\6cfae8cc4676442fa78d9dcdf@bd4ea874e76d4af1994ba.com\extensionData\plugins\91.js.vir"
sh=C99485B48B80F1A57531CE69751A500641E23414 ft=1 fh=fc155b5c47ddbb36 vn="Win32/VOPackage.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Philipp\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=E2E7555ACD0F7F6827A0958817774C8E4253DC21 ft=1 fh=117f72a1057668b7 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AEFC9C26D8E534F93A6BE2458C5BB4D5C4A05011 ft=1 fh=cdeb2820350448d6 vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\AppData\Local\nsyF9FA.tmp"
sh=AEFC9C26D8E534F93A6BE2458C5BB4D5C4A05011 ft=1 fh=cdeb2820350448d6 vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\AppData\Local\nszB6F3.tmp"
sh=BF9340C9ED0B01DA5945A9F5A388DC863BB56279 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\prefs.js"
sh=E014EA4DD182C8F94DAC84E78C92C85792D14D4F ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014.zip"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014\Freeware Starter Kit für Ihr Notebook\PDFCreator\PDFCreator-1_7_2_setup.exe"
sh=10F5FDFAA86B69DB53F209B2FD51458AC0B2387F ft=1 fh=703c6b964e2e6f3c vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014\Freeware Starter Kit für Ihr Notebook\SUMo\sumo3.10.1.226_nork.exe"
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Philipp (administrator) on PHILIPP-PC on 21-10-2014 22:30:42
Running from C:\Users\Philipp\Downloads
Loaded Profile: Philipp (Available profiles: Philipp)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [901216 2013-04-29] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-30] (Lenovo Group Limited)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-07-02] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1145738533-22672879-546596692-1001\...\MountPoints2: {1d1435dc-45ad-11e4-90ad-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKLM-x32 - {398582D3-F98D-4564-9A62-DB66295FD89E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB
SearchScopes: HKCU - {398582D3-F98D-4564-9A62-DB66295FD89E} URL =
BHO: Cinema-Plus-1.8cV09.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho64.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\ixquickde-https.xml
FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\abs@avira.com [2014-10-10]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\donottrackplus@abine.com [2014-10-11]
FF Extension: organizesearchenginesmaltekrausde - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\organize-search-engines@maltekraus.de [2014-10-21]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-10-11]
FF Extension: Cliqz Beta - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\cliqz@cliqz.com.xpi [2014-10-12]
FF Extension: Speed Dial - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-10-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-10-09]
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-09]
FF Extension: Adblock Edge - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-10-21]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\extensions\cliqz@cliqz.com
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-07-02] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-30] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-22] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-12] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2014-05-06] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-05-08] (Synaptics Incorporated)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-08] (Symantec Corporation)
S3 EraserUtilDrv11410; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [142640 2014-10-08] (Symantec Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [56048 2013-07-02] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141008.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\ENG64.SYS [129752 2014-10-08] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141008.016\EX64.SYS [2137304 2014-10-08] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [408136 2013-05-08] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1070080 2013-12-31] (Vimicro Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 21:15 - 2014-10-21 21:15 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe
2014-10-21 21:15 - 2014-10-21 21:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 21:12 - 2014-10-21 21:12 - 00001929 _____ () C:\Users\Philipp\Desktop\mbam.txt
2014-10-21 21:04 - 2014-10-21 21:04 - 00001937 _____ () C:\Users\Philipp\Desktop\malwarebytes.txt
2014-10-21 20:46 - 2014-10-21 21:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 20:46 - 2014-10-21 20:46 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-21 20:46 - 2014-10-21 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-21 20:46 - 2014-10-21 20:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 20:46 - 2014-10-21 20:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-21 20:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 20:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-21 20:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-21 20:43 - 2014-10-21 20:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-21 20:36 - 2014-10-21 20:36 - 00448512 _____ (OldTimer Tools) C:\Users\Philipp\Downloads\TFC.exe
2014-10-21 20:23 - 2014-10-21 20:23 - 00000000 ____D () C:\Users\Philipp\Downloads\FRST-OlderVersion
2014-10-21 19:29 - 2014-10-21 19:29 - 00001912 _____ () C:\Users\Philipp\Desktop\JRT.txt
2014-10-21 19:27 - 2014-10-21 19:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-21 19:15 - 2014-10-21 19:15 - 01705698 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe
2014-10-21 19:10 - 2014-10-21 19:19 - 00000000 ____D () C:\AdwCleaner
2014-10-21 19:09 - 2014-10-21 19:09 - 01962496 _____ () C:\Users\Philipp\Downloads\AdwCleaner_4.001.exe
2014-10-21 19:09 - 2014-10-21 19:08 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-12 20:05 - 2014-10-12 20:05 - 00030128 _____ () C:\Users\Philipp\Downloads\logfiles.7z
2014-10-12 20:04 - 2014-10-12 20:05 - 00030128 _____ () C:\Users\Philipp\Downloads\Downloads.7z
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-10-12 20:03 - 2014-10-12 20:03 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-10-12 19:23 - 2014-10-12 19:23 - 01098088 _____ () C:\Windows\Minidump\101214-25131-01.dmp
2014-10-12 19:23 - 2014-10-12 19:23 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 19:22 - 2014-10-12 19:22 - 787588699 _____ () C:\Windows\MEMORY.DMP
2014-10-12 18:54 - 2014-10-12 18:54 - 00057539 _____ () C:\Users\Philipp\Downloads\gmer.log
2014-10-12 18:38 - 2014-10-12 18:38 - 00380416 _____ () C:\Users\Philipp\Downloads\Gmer-19357.exe
2014-10-12 18:34 - 2014-10-12 18:35 - 00037232 _____ () C:\Users\Philipp\Downloads\Addition.txt
2014-10-12 18:32 - 2014-10-21 22:30 - 00024294 _____ () C:\Users\Philipp\Downloads\FRST.txt
2014-10-12 18:32 - 2014-10-21 22:30 - 00000000 ____D () C:\FRST
2014-10-12 18:29 - 2014-10-21 20:23 - 02110976 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe
2014-10-12 18:29 - 2014-10-12 18:29 - 00000476 _____ () C:\Users\Philipp\Downloads\defogger_disable.log
2014-10-12 18:29 - 2014-10-12 18:29 - 00000000 _____ () C:\Users\Philipp\defogger_reenable
2014-10-12 18:28 - 2014-10-12 18:28 - 00050477 _____ () C:\Users\Philipp\Downloads\Defogger.exe
2014-10-11 18:12 - 2014-10-11 17:53 - 00000825 _____ () C:\Users\Philipp\Documents\indexfile.txt
2014-10-11 18:11 - 2014-10-11 18:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-11 18:11 - 2014-10-11 18:11 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00001034 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-10-11 18:07 - 2014-10-11 18:07 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-10-11 18:05 - 2014-10-11 18:05 - 01125200 _____ () C:\Users\Philipp\Downloads\MozBackup - CHIP-Installer.exe
2014-10-11 17:57 - 2014-10-11 17:57 - 01055936 _____ (Adobe) C:\Users\Philipp\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-10-11 17:40 - 2014-10-21 19:06 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avaxv
2014-10-11 17:40 - 2014-10-13 17:04 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Malaon
2014-10-11 17:38 - 2014-10-12 20:08 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Deployment
2014-10-11 17:38 - 2014-10-11 17:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apps\2.0
2014-10-10 10:42 - 2014-10-10 10:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-10 10:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-10 10:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-10 10:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-10 10:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-10 10:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-10 10:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-10 10:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-10 10:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-10 10:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-10 10:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-10 10:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-10 10:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-10 10:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-10 10:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-10 10:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-10 10:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-10 10:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-10 10:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-10 10:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-10 10:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-10 10:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-10 10:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-10 10:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-10 10:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-10 10:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-10 10:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-10 10:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-10 10:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-10 10:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-10 10:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-10 10:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-10 10:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-10 10:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-10 10:02 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-10-10 09:46 - 2014-10-10 09:46 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Avira
2014-10-10 09:41 - 2014-10-21 19:07 - 00000000 ____D () C:\Users\Philipp\AppData\Local\CrashDumps
2014-10-10 09:40 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-10 09:40 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-10 09:38 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-10 09:38 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-10 09:34 - 2014-10-10 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\ProgramData\Avira
2014-10-10 09:34 - 2014-10-10 09:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 09:34 - 2014-10-10 09:34 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-10 09:33 - 2014-10-10 09:33 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philipp\Downloads\avira_de_av_4464542853__ws.exe
2014-10-10 09:29 - 2014-10-10 09:29 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nsyF9FA.tmp
2014-10-10 09:28 - 2014-10-10 09:28 - 00056504 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-10 09:28 - 2014-10-10 09:28 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-10 09:28 - 2014-10-10 09:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-10 09:27 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-10 09:27 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-10 09:27 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-10 09:27 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-10 09:27 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-10 09:27 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-09 20:55 - 2014-10-09 20:55 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2014-10-09 20:54 - 2014-10-09 20:54 - 00612067 _____ (CMI Limited) C:\Users\Philipp\AppData\Local\nszB6F3.tmp
2014-10-09 20:54 - 2014-10-09 20:54 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\ap_movie
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Xunlei
2014-10-09 20:47 - 2014-10-09 20:47 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Users\Philipp\Documents\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-10-09 20:45 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:46 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-10-09 20:44 - 2014-10-09 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-10-09 20:44 - 2014-09-23 09:43 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-10-09 20:44 - 2014-09-23 09:43 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-10-09 20:44 - 2014-09-23 09:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-10-09 20:44 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-10-09 20:44 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-10-09 20:39 - 2014-10-21 21:08 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Dropbox
2014-10-09 20:39 - 2014-10-09 20:39 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-09 20:38 - 2014-10-10 09:25 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\BatteryBar
2014-10-09 20:38 - 2014-10-09 20:38 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Macromedia
2014-10-09 20:36 - 2014-10-21 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 20:36 - 2014-10-11 18:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 20:36 - 2014-10-11 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 20:36 - 2014-10-11 18:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-09 20:36 - 2014-10-10 09:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 20:36 - 2014-10-10 09:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Google
2014-10-09 20:36 - 2014-10-09 20:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-09 20:35 - 2014-10-11 18:03 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe
2014-10-09 20:35 - 2014-10-09 20:35 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-09 20:32 - 2014-10-09 20:32 - 00000000 _____ () C:\Users\Philipp\Downloads\FileOpenerSetup.exe
2014-10-09 20:27 - 2014-10-09 20:28 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple Computer
2014-10-09 20:27 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-09 20:27 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-09 20:26 - 2014-10-09 20:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-09 20:26 - 2014-10-09 20:26 - 00000000 ____D () C:\Program Files\iPod
2014-10-09 20:24 - 2014-10-09 20:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-09 20:24 - 2014-10-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-09 20:23 - 2014-10-09 20:30 - 912748031 _____ () C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014.zip
2014-10-09 20:23 - 2014-10-09 20:24 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Abelssoft
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-10-09 20:23 - 2014-10-09 20:23 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-10-09 20:23 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-09 20:23 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-09 20:21 - 2014-10-09 20:22 - 80521624 _____ (Apple Inc.) C:\Users\Philipp\Downloads\iTunes64Setup.exe
2014-10-09 20:18 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-09 20:18 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-09 20:14 - 2014-10-09 20:14 - 111992144 _____ (Apple Inc.) C:\Users\Philipp\Desktop\iTunesSetup.exe
2014-10-09 20:13 - 2014-10-09 20:13 - 01125200 _____ () C:\Users\Philipp\Downloads\CHIP Online Notebook Starter Kit 2014 - CHIP-Installer.exe
2014-10-09 20:11 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-09 20:11 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-09 20:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-09 20:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-09 20:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-09 20:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-09 20:11 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-10-09 20:11 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-10-09 20:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-09 20:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-09 20:10 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-09 20:10 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-09 20:10 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-09 20:10 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-09 20:10 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-09 20:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-09 20:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-09 20:10 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-09 20:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-09 20:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-09 20:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-09 20:09 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-09 20:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-09 20:09 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-09 20:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-09 20:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-09 20:08 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-09 20:08 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-09 20:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-09 20:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:07 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-09 20:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-09 20:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-09 20:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-09 20:03 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-09 20:03 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-09 20:03 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-09 20:03 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-09 20:03 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-09 20:03 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-10-09 20:02 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-09 20:02 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-09 19:58 - 2014-10-21 19:19 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-21 19:19 - 00001056 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Mozilla
2014-10-09 19:58 - 2014-10-09 19:59 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 19:58 - 2014-10-09 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3.exe
2014-10-09 19:57 - 2014-10-09 19:57 - 35095808 _____ () C:\Users\Philipp\Downloads\Firefox_Setup_de32.0.3 (1).exe
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Opera Software
2014-10-09 19:55 - 2014-10-10 09:37 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-09 19:54 - 2014-10-09 19:55 - 30503712 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_24.0.1558.64_Setup.exe
2014-10-09 19:52 - 2014-10-09 19:52 - 00000000 ____D () C:\Users\Philipp\AppData\Local\IsolatedStorage
2014-10-09 19:51 - 2014-10-09 19:51 - 00000000 ____D () C:\Users\Philipp\AppData\Local\GestureControl
2014-10-09 18:23 - 2014-10-09 18:23 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\LSC
2014-10-09 09:30 - 2014-10-21 21:04 - 00134266 _____ () C:\Users\Public\CAFADEBUG.log
2014-10-08 18:17 - 2014-10-08 18:17 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\PwrMgr
2014-10-08 18:07 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-10-08 18:07 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-10-08 17:50 - 2014-10-08 17:50 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-08 17:50 - 2014-10-08 17:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-10-08 17:02 - 2014-10-09 20:27 - 00060056 _____ () C:\Users\Philipp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-08 17:02 - 2014-10-08 17:50 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Lenovo
2014-10-08 17:01 - 2014-10-21 19:19 - 00001010 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\Documents\Meine empfangenen Dateien
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Leadertech
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Adobe
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\VirtualStore
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Downloaded Installations
2014-10-08 17:00 - 2014-10-12 18:29 - 00000000 ____D () C:\Users\Philipp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000895 _____ () C:\Users\Public\Desktop\Installieren Sie Ihre zusõtzlichen Anwendungen.lnk
2014-10-08 17:00 - 2014-10-08 17:00 - 00000020 ___SH () C:\Users\Philipp\ntuser.ini
2014-10-08 17:00 - 2014-10-08 17:00 - 00000010 _____ () C:\Windows\getvol.scp
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Vorlagen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Startmenü
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Netzwerkumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Lokale Einstellungen
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Eigene Dateien
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Druckumgebung
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Musik
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Documents\Eigene Bilder
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Verlauf
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\AppData\Local\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _SHDL () C:\Users\Philipp\Anwendungsdaten
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Intel
2014-10-08 17:00 - 2014-10-08 17:00 - 00000000 _____ () C:\Windows\firstboot.dat
2014-10-08 17:00 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-10-08 17:00 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Philipp\AppData\Roaming\Macromedia
2014-10-08 17:00 - 2009-08-25 05:18 - 01067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-08 17:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-08 17:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieUserList
2014-10-08 16:07 - 2014-10-08 16:07 - 00000000 __SHD () C:\Users\Philipp\AppData\Local\EmieSiteList
2014-10-08 16:04 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-08 16:04 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-08 16:04 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-08 16:04 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-08 16:04 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-08 16:04 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-08 16:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-08 16:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-26 21:22 - 2014-09-26 21:22 - 00003864 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2014-09-26 21:22 - 2014-09-26 21:22 - 00003616 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2014-09-26 21:21 - 2014-09-26 21:21 - 00002033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_usb3Hub_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Program Files\Intel Corporation
2014-09-26 21:19 - 2014-09-26 21:19 - 00001991 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Users\Public\Symantec
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\SymSilent
2014-09-26 21:19 - 2014-09-26 21:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-26 21:19 - 2013-07-19 00:47 - 00002040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PC Experience.lnk
2014-09-26 21:18 - 2014-10-10 09:22 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-26 21:18 - 2014-09-26 21:18 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-26 21:18 - 2014-09-26 21:18 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-26 21:18 - 2014-09-26 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-26 21:17 - 2014-10-10 09:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-26 21:17 - 2014-10-08 17:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-26 21:17 - 2014-09-26 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00002107 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00001943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-26 21:16 - 2014-09-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-26 21:16 - 2014-05-16 03:38 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-09-26 21:16 - 2014-05-16 03:38 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-09-26 21:15 - 2014-09-26 21:15 - 00000143 _____ () C:\Windows\eyesight1.cmd
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gesture Control
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\ProgramData\eyeSight
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 ____D () C:\Program Files (x86)\eyeSight
2014-09-26 21:15 - 2013-07-17 09:41 - 00001345 _____ () C:\Windows\eyesight1.lnk
2014-09-26 21:15 - 2010-03-03 18:54 - 00001423 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free Skype voice and video calls.lnk
2014-09-26 21:13 - 2014-10-21 21:06 - 00000000 ____D () C:\ProgramData\Validity
2014-09-26 21:13 - 2014-10-08 18:17 - 629145600 ___SH () C:\Windows\lenovo_fastboot.img
2014-09-26 21:13 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-09-26 21:13 - 2014-09-26 21:15 - 00196608 _____ () C:\Windows\ocsetup_install_OEMHelpCustomization.etl
2014-09-26 21:13 - 2014-09-26 21:14 - 00028728 _____ () C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fingerprint Reader
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files\Synaptics Incorporated
2014-09-26 21:13 - 2014-09-26 21:13 - 00000000 ____D () C:\Program Files (x86)\Lenovo Registration
2014-09-26 21:13 - 2013-07-02 08:33 - 00056048 ____N (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Fastboot.sys
2014-09-26 21:13 - 2013-06-26 11:54 - 00002254 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Evernote Installer.lnk
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-26 21:12 - 2014-10-11 18:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-26 21:12 - 2014-10-09 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-09-26 21:12 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo Fingerprint Reader
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Public\Lenovo
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-26 21:12 - 2014-09-26 21:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-26 21:11 - 2014-10-08 17:50 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-26 21:11 - 2014-09-26 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-26 21:11 - 2014-09-26 21:11 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-09-26 21:11 - 2014-09-26 21:11 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-09-26 21:10 - 2014-09-26 21:19 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-09-26 21:10 - 2014-09-26 21:10 - 00015396 _____ () C:\Windows\system32\results.xml
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files\ThinkPad
2014-09-26 21:10 - 2014-09-26 21:10 - 00000000 ____D () C:\Program Files (x86)\ThinkPad
2014-09-26 21:10 - 2014-06-24 00:05 - 02853664 _____ (Lenovo Group Limited) C:\Windows\system32\PWMCP64V.cpl
2014-09-26 21:10 - 2014-06-24 00:05 - 02692896 ____N (Lenovo Group Limited) C:\Windows\PWMBTHLV.EXE
2014-09-26 21:10 - 2014-06-24 00:05 - 00020736 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR64V.SYS
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2014-09-26 21:08 - 2014-09-26 21:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-09-26 21:07 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-09-26 21:06 - 2013-05-16 05:18 - 00004656 _____ () C:\Windows\system32\Drivers\SamSfPa.dat
2014-09-26 21:06 - 2012-12-03 19:27 - 00202400 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2014-09-26 21:06 - 2011-09-01 09:23 - 00447104 _____ (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
2014-09-26 21:05 - 2014-09-26 21:07 - 00000000 ____D () C:\Program Files\CONEXANT
2014-09-26 21:05 - 2014-09-26 21:05 - 00000000 ____D () C:\ProgramData\Conexant
2014-09-26 21:05 - 2013-05-15 09:27 - 00406208 _____ (Conexant Systems, Inc.) C:\Windows\system32\CSpkExt64.dll
2014-09-26 21:05 - 2013-05-14 09:43 - 01684184 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64.sys
2014-09-26 21:05 - 2013-04-18 10:02 - 01788000 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64AP83.dll
2014-09-26 21:05 - 2013-02-08 23:02 - 02817632 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A35.DLL
2014-09-26 21:05 - 2013-01-25 07:57 - 02730016 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-09-26 21:05 - 2012-08-31 13:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2014-09-26 21:05 - 2012-08-31 13:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2014-09-26 21:05 - 2012-06-29 07:04 - 00050848 _____ (Conexant Systems Inc.) C:\Windows\system32\CxPageMaster64.dll
2014-09-26 21:05 - 2012-01-16 04:42 - 00666240 _____ (Conexant Systems, Inc.) C:\Windows\system32\C3DHPExt64.dll
2014-09-26 21:05 - 2011-01-18 02:35 - 00030893 _____ () C:\Windows\system32\Drivers\Mixer.ini
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-09-26 21:04 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-26 21:03 - 2014-10-10 09:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Vimicro
2014-09-26 21:02 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\USB Camera
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\vm331Rmv.ini
2014-09-26 21:02 - 2014-02-26 05:26 - 00002065 _____ () C:\Windows\SysWOW64\vm331Rmv.ini
2014-09-26 21:02 - 2013-12-31 04:20 - 01070080 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2014-09-26 21:02 - 2013-12-27 10:12 - 00358912 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2014-09-26 21:02 - 2013-05-08 09:35 - 00408136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2014-09-26 21:02 - 2013-04-25 12:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPerIcon.dll
2014-09-26 21:02 - 2013-01-17 08:33 - 01078272 _____ () C:\Windows\system32\331prx64.ax
2014-09-26 21:02 - 2013-01-17 08:33 - 00667648 _____ () C:\Windows\SysWOW64\vmprp331.ax
2014-09-26 21:02 - 2010-06-30 11:38 - 00000356 _____ () C:\Windows\system\vm331avs.rsf
2014-09-26 21:01 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Synaptics
2014-09-26 21:01 - 2014-09-26 21:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-09-26 21:01 - 2014-09-26 21:01 - 00001346 _____ () C:\Windows\Synaptics.log
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-09-26 21:01 - 2014-09-26 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2014-09-26 21:01 - 2014-04-07 06:01 - 00745712 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00554224 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-09-26 21:01 - 2014-04-07 06:01 - 00405232 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00254704 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00208112 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2014-09-26 21:01 - 2014-04-07 06:01 - 00031472 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-09-26 21:01 - 2014-01-07 07:20 - 00001741 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk
2014-09-26 21:01 - 2013-03-27 09:51 - 00842312 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-26 21:01 - 2013-03-27 09:51 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-09-26 21:01 - 2013-03-27 09:51 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-26 21:00 - 2014-10-08 17:50 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\Lenovo USB Graphics
2014-09-26 21:00 - 2014-09-26 21:00 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-09-26 20:59 - 2014-10-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-09-26 20:59 - 2014-09-26 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-26 20:59 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-09-26 20:59 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-09-26 20:58 - 2014-10-08 17:01 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_S3-S440_20AYCTO1WW.MRK
2014-09-26 20:58 - 2014-09-26 20:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-09-26 20:58 - 2014-01-08 00:53 - 25971712 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21658624 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 21007360 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 20954112 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19950592 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 19202560 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 09081856 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07944704 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 07596504 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 06280704 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04472320 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 04220416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-09-26 20:58 - 2014-01-08 00:53 - 03556864 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 03207680 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02881536 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa
2014-09-26 20:58 - 2014-01-08 00:53 - 02384896 _____ () C:\Windows\system32\GfxRes.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 02065920 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01815040 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01127424 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 01123328 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00906200 _____ (Intel Corporation) C:\Windows\system32\igfxstarter.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00845272 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00771544 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00770520 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00755160 _____ (Intel Corporation) C:\Windows\system32\GfxUIHotKeyMenu.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00729088 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00624640 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00548864 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00530904 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00527872 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00522240 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00521728 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00517632 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00516096 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00514048 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00513536 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00493056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00397784 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00396760 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00391128 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00371200 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-09-26 20:58 - 2014-01-08 00:53 - 00347648 _____ () C:\Windows\system32\igdmd64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00346624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00290816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00280064 _____ () C:\Windows\SysWOW64\igdmd32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00279040 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-09-26 20:58 - 2014-01-08 00:53 - 00279000 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00267407 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00253466 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00243712 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00235401 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00224256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00222208 _____ () C:\Windows\system32\igdde64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00214528 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00201128 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00198725 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00194560 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00192758 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3383.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00182272 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00180936 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00180850 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00179712 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00178473 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178290 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00178123 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00176838 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175862 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175571 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00175067 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174802 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00174269 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173792 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173276 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00173059 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172833 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00172554 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00171691 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00168215 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166833 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00166220 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00163328 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00161534 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00160256 _____ () C:\Windows\system32\igdail64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00155136 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00154805 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00153048 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-09-26 20:58 - 2014-01-08 00:53 - 00152993 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-09-26 20:58 - 2014-01-08 00:53 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00137728 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00133120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00066560 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00029696 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00025600 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00012288 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-09-26 20:58 - 2014-01-08 00:53 - 00002940 _____ () C:\Windows\system32\iglhxs64.vp
2014-09-26 20:58 - 2014-01-08 00:53 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp
2014-09-26 20:58 - 2013-12-30 23:06 - 00450520 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00790000 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00368624 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-09-26 20:58 - 2013-10-21 04:25 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2014-09-26 20:58 - 2013-10-21 04:25 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-09-26 20:58 - 2013-02-27 09:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-09-26 20:55 - 2014-10-08 17:51 - 00000000 ____D () C:\ProgramData\Intel
2014-09-26 20:55 - 2014-09-26 21:04 - 00000000 ____D () C:\Program Files\Intel
2014-09-26 20:55 - 2014-09-26 20:57 - 00075099 _____ () C:\Windows\winredism.log
2014-09-26 20:55 - 2013-05-21 19:45 - 00008192 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-09-26 20:54 - 2014-09-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-26 20:54 - 2014-09-26 20:58 - 00000000 ____D () C:\Intel
2014-09-26 20:54 - 2014-09-26 20:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-09-26 20:54 - 2013-05-08 22:23 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-09-26 20:54 - 2013-05-08 22:23 - 00099800 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\MLPS
2014-09-26 20:53 - 2014-09-26 20:53 - 00000000 ____D () C:\Program Files\DIFX
2014-09-26 20:52 - 2014-09-26 21:04 - 00032216 _____ () C:\Windows\DPINST.LOG
2014-09-26 20:51 - 2014-09-26 20:51 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-09-26 20:50 - 2014-09-26 20:50 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-09-26 20:48 - 2014-10-11 17:40 - 02094734 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 20:45 - 2014-09-26 20:45 - 00000000 ____D () C:\Windows\CSC
2014-09-26 20:42 - 2014-09-26 20:42 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-26 20:42 - 2014-09-26 20:42 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-26 20:41 - 2014-09-26 20:41 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-26 20:41 - 2014-09-26 20:41 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-09-26 20:40 - 2014-09-26 20:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-26 20:38 - 2014-09-26 20:38 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINEN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINASA.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
2014-09-26 20:38 - 2014-09-26 20:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
2014-09-26 20:37 - 2014-09-26 20:37 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-09-26 20:37 - 2014-09-26 20:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-09-26 20:37 - 2014-09-26 20:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-09-26 20:37 - 2014-09-26 20:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-09-26 20:37 - 2014-09-26 20:37 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-09-26 20:36 - 2014-09-26 20:37 - 00404551 _____ () C:\Windows\KB2685813.log
2014-09-26 20:36 - 2014-09-26 20:36 - 00393930 _____ () C:\Windows\KB2685811.log
2014-09-26 20:30 - 2014-09-26 20:30 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-26 20:30 - 2014-09-26 20:30 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-09-26 20:29 - 2014-09-26 20:29 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-26 20:29 - 2014-09-26 20:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-09-26 20:28 - 2014-09-26 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-26 20:27 - 2014-09-26 20:27 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00007680 _____ (Microsoft Corporation)
|
|
21.10.2014, 21:36
| #14 |
| | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden FRST 2. Teil: Code:
ATTFilter C:\Windows\SysWOW64\instnm.exe
2014-09-26 20:27 - 2014-09-26 20:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-09-26 20:27 - 2014-09-26 20:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-09-26 20:26 - 2014-09-26 20:26 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-09-26 20:26 - 2014-09-26 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-09-26 20:24 - 2014-09-26 20:25 - 00341673 _____ () C:\Windows\NL-NL_IE11.log
2014-09-26 20:22 - 2014-09-26 20:23 - 00341951 _____ () C:\Windows\IT-IT_IE11.log
2014-09-26 20:21 - 2014-09-26 20:22 - 00341456 _____ () C:\Windows\fr-FR_IE11.log
2014-09-26 20:20 - 2014-09-26 20:21 - 00341693 _____ () C:\Windows\DE-DE_IE11.log
2014-09-26 20:19 - 2014-09-26 20:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-26 20:19 - 2014-09-26 20:19 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-26 20:19 - 2014-09-26 20:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-26 20:19 - 2014-09-26 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-26 20:19 - 2014-09-26 20:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-26 20:19 - 2014-09-26 20:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-26 20:18 - 2014-09-26 20:20 - 02003137 _____ () C:\Windows\EN_IE11.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00411553 _____ () C:\Windows\KB2888049.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-09-26 20:18 - 2014-09-26 20:18 - 00248921 _____ () C:\Windows\KB2882822.log
2014-09-26 20:18 - 2014-09-26 20:18 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-09-26 20:17 - 2014-09-26 20:18 - 00078862 _____ () C:\Windows\KB2834140-V2.log
2014-09-26 20:17 - 2014-09-26 20:17 - 00059787 _____ () C:\Windows\KB2786081.log
2014-09-26 20:16 - 2014-09-26 20:17 - 02229591 _____ () C:\Windows\KB2731771.log
2014-09-26 20:16 - 2014-09-26 20:16 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00122102 _____ () C:\Windows\KB2729094-V2.log
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:16 - 2014-09-26 20:16 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-26 20:15 - 2014-09-26 20:16 - 02342669 _____ () C:\Windows\KB2670838.log
2014-09-26 20:15 - 2014-09-26 20:15 - 01073616 _____ () C:\Windows\KB2533623.log
2014-09-26 20:14 - 2014-10-21 21:23 - 00735300 _____ () C:\Windows\system32\perfh013.dat
2014-09-26 20:14 - 2014-10-21 21:23 - 00152968 _____ () C:\Windows\system32\perfc013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00341322 _____ () C:\Windows\system32\perfi013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00043068 _____ () C:\Windows\system32\perfd013.dat
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\0413
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\nl
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\system32\0413
2014-09-26 20:09 - 2014-10-21 21:23 - 00731848 _____ () C:\Windows\system32\perfh010.dat
2014-09-26 20:09 - 2014-10-21 21:23 - 00146712 _____ () C:\Windows\system32\perfc010.dat
2014-09-26 20:09 - 2014-09-26 20:15 - 37148880 _____ () C:\Windows\nl-NL.log
2014-09-26 20:09 - 2014-09-26 20:08 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-09-26 20:09 - 2014-09-26 20:08 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\it
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 ____D () C:\Windows\system32\0410
2014-09-26 20:03 - 2014-10-21 21:23 - 00737518 _____ () C:\Windows\system32\perfh00C.dat
2014-09-26 20:03 - 2014-10-21 21:23 - 00149446 _____ () C:\Windows\system32\perfc00C.dat
2014-09-26 20:03 - 2014-09-26 20:09 - 37132632 _____ () C:\Windows\it-it.log
2014-09-26 20:03 - 2014-09-26 20:03 - 00344522 _____ () C:\Windows\system32\perfi00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00038160 _____ () C:\Windows\system32\perfd00C.dat
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\SysWOW64\040C
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\fr
2014-09-26 20:03 - 2014-09-26 20:03 - 00000000 ____D () C:\Windows\system32\040C
2014-09-26 19:58 - 2014-10-21 21:23 - 00699340 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 19:58 - 2014-10-21 21:23 - 00149448 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 19:58 - 2014-09-26 20:03 - 37132092 _____ () C:\Windows\fr-fr.log
2014-09-26 19:58 - 2014-09-26 19:57 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-09-26 19:58 - 2014-09-26 19:57 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-09-26 19:57 - 2014-09-26 20:14 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\de
2014-09-26 19:57 - 2014-09-26 19:57 - 00000000 ____D () C:\Windows\system32\0407
2014-09-26 19:52 - 2014-09-26 19:58 - 37121864 _____ () C:\Windows\de-de.log
2014-09-26 19:51 - 2013-11-07 12:46 - 00066856 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00060712 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-09-26 19:51 - 2013-11-07 12:46 - 00054528 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-09-26 19:51 - 2013-11-07 12:46 - 00040232 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-09-26 19:51 - 2013-04-30 02:03 - 00679920 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2014-09-26 19:51 - 2013-04-30 02:03 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2014-09-26 19:51 - 2011-03-25 02:58 - 00001271 _____ () C:\Windows\MFGCLEAN.CMD
2014-09-26 19:51 - 2007-09-19 12:41 - 00004096 _____ () C:\Windows\system32\Thumbs.db
2014-09-26 03:40 - 2014-09-26 03:40 - 00000000 ____D () C:\mfg
2014-09-26 03:17 - 2014-10-08 16:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-26 03:15 - 2012-12-10 02:46 - 00000012 _____ () C:\Windows\CSUP.TXT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 21:23 - 2009-07-14 07:13 - 04271558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 21:16 - 2009-07-14 06:51 - 00047830 _____ () C:\Windows\setupact.log
2014-10-21 21:14 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 21:14 - 2009-07-14 06:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 21:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 21:05 - 2010-11-21 05:47 - 00143322 _____ () C:\Windows\PFRO.log
2014-10-10 10:47 - 2009-07-14 06:45 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 10:43 - 2014-02-03 16:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-10 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-10 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-10 10:34 - 2014-01-30 23:46 - 04183916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-10 09:29 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-10 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-09 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-08 17:50 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-10-08 17:03 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\Windows\Panther
2014-10-08 17:01 - 2014-01-30 21:47 - 00000000 ____D () C:\SWTOOLS
2014-10-08 16:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-26 21:22 - 2009-07-14 06:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2014-09-26 21:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-26 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-26 21:13 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\WinBioDatabase
2014-09-26 21:10 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-09-26 21:09 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 21:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-26 21:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-09-26 20:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-09-26 20:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-26 20:50 - 2014-01-30 21:50 - 00003652 _____ () C:\Windows\TSSysprep.log
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-09-26 20:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-09-26 20:14 - 2010-11-21 09:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-09-26 20:14 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-26 20:14 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-26 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-26 19:51 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-26 03:15 - 2009-07-14 07:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
Some content of TEMP:
====================
C:\Users\Philipp\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-01-30 21:48
==================== End Of Log ============================
|
|
22.10.2014, 09:06
| #15 |
| /// Malwareteam | Win7 Prof. penetrante popups, browserabsturz, versuch automatisch dateien downzuloaden Hallo und guten Morgen Code:
ATTFilter Spyware.Password
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Philipp\AppData\Local\nsyF9FA.tmp
C:\Users\Philipp\AppData\Local\nszB6F3.tmp
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\jh0rqjqg.default\prefs.js
C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014.zip
C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014\Freeware Starter Kit für Ihr Notebook\PDFCreator\PDFCreator-1_7_2_setup.exe
C:\Users\Philipp\Downloads\Freeware_Starter_Kit_fuer_Ihr_Notebook_2014\Freeware Starter Kit für Ihr Notebook\SUMo\sumo3.10.1.226_nork.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Cinema-Plus-1.8cV09.10 -> {11111111-1111-1111-1111-110611321185} -> C:\Program Files (x86)\Cinema-Plus-1.8cV09.10\Cinema-Plus-1.8cV09.10-bho64.dll No File
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Downloade Dir bitte  SecurityCheck und:
|
|
Gruß Aneri 
Linear-Darstellung
