|
Plagegeister aller Art und deren Bekämpfung: Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.11.2014, 20:36 | #1 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hallo, ich war so doof und hab nen Zip-File aufgemacht, das angeblich eine Telekomrechnung beinhalten sollte. Hab relativ schnell festgestellt, dass es wohl eine Trojanermail war. Jetzt bin ich mir unsicher, ob der sich in meinem System befindet. Kann mir da vielleicht jemand weiterhelfen? Vielen Dank! Vg Mamasrechner Hier die Scan-Logs FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Admin (administrator) on ADMIN-THINK on 11-11-2014 20:31:08 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adminsas Electronics Corporation) C:\Program Files (x86)\Adminsas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Hypersoft GmbH) C:\Hypers-!\TerminalCommander.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-01-07] (Conexant systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Adminsas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Adminsas Electronics Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\...\MountPoints2: {f68f5917-89be-11e0-846e-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hypersoft Terminal Commander.lnk ShortcutTarget: Hypersoft Terminal Commander.lnk -> C:\Hypers-!\MCP-!\TerminalCommander.exe (Hypersoft GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Lavasoft HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=717BCBDB32C44974AFB8835166AEA249&q={searchTerms} SearchScopes: HKCU - {DCA63C06-B30D-4178-93A3-8A3F957AFA11} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Hosts: 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default FF DefaultSearchEngine: SecureSearch FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=717BCBDB32C44974AFB8835166AEA249&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default\Extensions\abs@avira.com [2014-10-26] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] () R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed] R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-11] (GFI Software) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-05-29] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S1 MpKsl76dc7dea; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFFF6FB5-18AA-43CF-9270-5C84A051484C}\MpKsl76dc7dea.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 20:31 - 2014-11-11 20:32 - 00022357 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-11-11 20:31 - 2014-11-11 20:31 - 00000000 ____D () C:\FRST 2014-11-11 20:30 - 2014-11-11 20:30 - 02116096 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-11-07 12:55 - 2014-11-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-29 18:03 - 2014-11-08 11:20 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-26 19:29 - 2014-10-26 19:29 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-10-26 19:29 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-26 19:28 - 2014-10-26 19:28 - 00000000 ____D () C:\Program Files\iPod 2014-10-26 19:23 - 2014-10-26 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-10-17 08:53 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-17 08:53 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-17 08:53 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-17 08:53 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-17 08:52 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-17 08:52 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-17 08:52 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-17 08:52 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-17 08:52 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-17 08:52 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-17 08:52 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-17 08:52 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-17 08:52 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-17 08:52 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-17 08:52 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-17 08:52 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-17 08:52 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-17 08:52 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-17 08:52 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-17 08:52 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-17 08:52 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-17 08:52 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-17 08:52 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-17 08:52 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-17 08:52 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-17 08:52 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-17 08:52 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-17 08:52 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-17 08:52 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-17 08:52 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-17 08:52 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-17 08:52 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-17 08:52 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-17 08:52 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-17 08:52 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-17 08:52 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-17 08:52 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-17 08:52 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-17 08:52 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-17 08:52 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-17 08:52 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-17 08:52 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-17 08:52 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-17 08:52 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-17 08:52 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-17 08:52 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-17 08:52 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-17 08:52 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-17 08:52 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-17 08:52 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-17 08:52 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-17 08:52 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-17 08:52 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-17 08:52 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-17 08:52 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-17 08:52 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-17 08:52 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-17 08:52 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-17 08:50 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-17 08:50 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-17 08:49 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-17 08:49 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-17 08:49 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-17 08:49 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-17 08:49 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-17 08:49 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-17 08:49 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-17 08:49 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-17 08:48 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-17 08:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-17 08:48 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-17 08:48 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 20:29 - 2009-07-14 05:51 - 00233716 _____ () C:\Windows\setupact.log 2014-11-11 20:27 - 2011-05-29 08:11 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-11-11 20:25 - 2013-03-01 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-11 20:23 - 2011-05-29 08:11 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-11-11 20:21 - 2011-11-28 12:53 - 00073226 _____ () C:\Windows\pvsw.log 2014-11-11 20:20 - 2011-07-06 14:25 - 00000000 ____D () C:\Hypers-! 2014-11-11 20:17 - 2011-05-29 07:49 - 01454533 _____ () C:\Windows\WindowsUpdate.log 2014-11-11 16:28 - 2011-05-29 17:39 - 08554878 _____ () C:\Windows\system32\perfh007.dat 2014-11-11 16:28 - 2011-05-29 17:39 - 02677158 _____ () C:\Windows\system32\perfc007.dat 2014-11-11 16:28 - 2009-07-14 06:13 - 02778498 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-11 12:53 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:53 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:34 - 2011-05-29 08:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-11 12:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-10 17:00 - 2013-03-01 01:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 21:27 - 2011-06-20 10:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\CutePDF Writer 2014-11-09 16:31 - 2014-06-19 22:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\MobileAccess 2014-11-08 11:20 - 2014-08-08 15:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-08 11:20 - 2013-03-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-08 11:20 - 2013-03-01 00:32 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-06 19:30 - 2009-07-14 03:34 - 00000759 _____ () C:\Windows\win.ini 2014-11-06 18:18 - 2011-06-17 21:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-11-05 17:51 - 2011-06-20 14:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help 2014-11-04 18:42 - 2011-06-17 09:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-11-01 00:48 - 2011-09-05 23:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 19:28 - 2014-05-10 22:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-26 19:28 - 2011-06-17 09:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-21 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-20 08:44 - 2014-06-19 22:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LSC 2014-10-17 11:36 - 2009-07-14 05:45 - 00457792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 11:34 - 2014-05-01 08:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 09:39 - 2011-06-17 08:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 09:35 - 2013-11-26 10:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 09:30 - 2013-11-26 10:48 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 09:12 - 2013-05-02 09:41 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-14 09:12 - 2013-03-27 13:16 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 09:12 - 2013-03-27 13:16 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 21:56 - 2014-05-27 23:49 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2014-10-12 21:56 - 2011-05-29 17:20 - 00000000 ____D () C:\ProgramData\Lenovo 2014-10-12 21:56 - 2011-05-29 07:55 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2014-10-12 21:56 - 2011-05-29 07:54 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-10-12 21:55 - 2011-05-29 08:09 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-10-12 21:51 - 2014-06-19 22:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Lenovo Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\2d4b81b2-bd03-4417-9627-a605e8d0d3c3.exe C:\Users\Admin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Admin\AppData\Local\Temp\AskSLib.dll C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\converter.exe C:\Users\Admin\AppData\Local\Temp\InitBDE.exe C:\Users\Admin\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe C:\Users\Admin\AppData\Local\Temp\isutldll.dll C:\Users\Admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Admin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Admin\AppData\Local\Temp\nvStInst.exe C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_2_5_0.dll C:\Users\Admin\AppData\Local\Temp\xmlDeployer.exe C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe C:\Users\Admin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Admin\AppData\Local\Temp\AskSLib.dll C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 16:13 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014 Ran by Admin at 2014-11-11 20:33:08 Running from C:\Users\Admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Framework-Sicherheitsrichtlinie für den Codezugriff auf Organisationsebene (x32 Version: 1.0.2411.0 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35 - Research in Motion Ltd.) Hidden BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Forte Free 2.0 (HKLM-x32\...\Forte Free) (Version: 2.0 - Lugert Verlag) Griaule FingerCap USB Driver vr. 1.2 (HKLM-x32\...\{87cd3511-c592-4fba-92e1-54416b3c83cc}_is1) (Version: 1.2 - Griaule Biometrics LTDA.) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation) Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - ) Lenovo Mobile Access (HKLM-x32\...\{3F0501BE-3203-4001-8125-BAA857C92F51}) (Version: 3.1.0.1268 - Lenovo) Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo) Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB) Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) PC Connectivity Solution (HKLM-x32\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia) Pervasive System Analyzer (HKLM-x32\...\Pervasive System Analyzer) (Version: - ) Pervasive.SQL V8 Workgroup (v8.6) (HKLM-x32\...\{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}) (Version: 8.60.192.033 - Pervasive Software Inc. ) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - ) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) RapidBoot (x32 Version: 1.00 - Lenovo) Hidden Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Adminsas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Adminsas Electronics Corporation) Adminsas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Adminsas Electronics Corporation) Hidden Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited) RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH) Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.1.75100 - Sonos, Inc.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel) Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel) Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) Windows-Treiberpaket - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics) Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 26-10-2014 18:23:42 Windows Update 30-10-2014 21:03:03 Windows Update 03-11-2014 19:20:49 Windows Update 08-11-2014 21:03:51 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 17:51 - 00000927 ____N C:\Windows\system32\Drivers\etc\hosts 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01DE19CD-575C-44F9-ACAA-FB80B591DA43} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] () Task: {20B2EBA7-7F55-425E-B96A-82DA1BE3AF27} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {236F039D-A77D-4A32-8E83-ACECE026A409} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-09] (PC-Doctor, Inc.) Task: {2F513886-F691-483B-9C15-942CEED0145E} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe Task: {302D7E33-BABE-4BAA-9C4D-13D8A0416C6F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo) Task: {391B750C-DE82-4840-94CC-1A679E58D581} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo) Task: {43D3E1CE-2E9B-499A-A082-BB49E9432B93} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo) Task: {59BB9DC0-ECFD-4134-AA16-D6BECB42BCEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {645D342F-CFB6-49CA-907F-61F5F518722F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-09] (PC-Doctor, Inc.) Task: {6AF1F617-785C-4D4E-B331-30A17609F0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {876D247D-5BE9-47E2-A776-52C0FF17C89C} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-09] () Task: {8DB7DAC7-2762-485F-BBC0-978A593E46BB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {8E17DF90-8B27-4203-8EA9-2F0A32C228FF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {93434123-DBBB-493B-BC62-52D2D4090AE2} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited) Task: {D4B8551F-B7AD-4FBB-A3BA-3003ED7305D9} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {DEB1CDDF-C58D-4C87-ABAB-1A55407CE073} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] () Task: {F4A4645B-220B-44E6-B49C-F824DAE278A1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-17 12:53 - 2010-12-17 12:53 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-06-20 10:43 - 2009-11-05 06:40 - 00085504 ____N () C:\Windows\System32\cpwmon64.dll 2014-05-27 23:37 - 2013-10-29 01:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-05-29 08:03 - 2014-03-20 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-05-29 07:59 - 2010-10-26 04:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2011-05-29 08:00 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe 2014-03-14 16:46 - 2014-03-14 16:46 - 00065880 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll 2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2011-05-29 07:59 - 2011-05-26 16:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 03289088 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1aa792a3\mscorlib.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02994176 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2d0ef846\system.windows.forms.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 01929216 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7ce1410a\system.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 00835584 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8fdc6bfc\system.drawing.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02076672 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_41100e0a\system.xml.dll 2014-11-07 12:55 - 2014-11-07 12:56 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Admin (S-1-5-21-655141181-1604168393-1177880679-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-655141181-1604168393-1177880679-500 - Administrator - Disabled) ASPNET (S-1-5-21-655141181-1604168393-1177880679-1008 - Limited - Enabled) Gast (S-1-5-21-655141181-1604168393-1177880679-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655141181-1604168393-1177880679-1005 - Limited - Enabled) Admin (S-1-5-21-655141181-1604168393-1177880679-1003 - Limited - Enabled) => C:\Users\Admin Sonos (S-1-5-21-655141181-1604168393-1177880679-1009 - Limited - Enabled) tvsu_tmp_vlhaqUJFAL (S-1-5-21-655141181-1604168393-1177880679-1011 - Administrator - Enabled) UpdatusUser (S-1-5-21-655141181-1604168393-1177880679-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: MpKsl76dc7dea Description: MpKsl76dc7dea Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: MpKsl76dc7dea Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 04:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 678776 Error: (11/11/2014 04:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 678776 Error: (11/11/2014 04:26:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 00:34:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/11/2014 00:37:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/11/2014 00:37:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/11/2014 00:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/11/2014 10:42:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/11/2014 10:42:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/11/2014 10:39:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/10/2014 05:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/10/2014 05:06:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/10/2014 05:01:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/09/2014 04:56:51 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "ADMIN-THINK :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.11 registriert werden. Der Computer mit IP-Adresse 192.168.1.125 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= Error: (09/09/2014 00:43:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 556 seconds with 240 seconds of active time. This session ended with a crash. Error: (09/09/2014 00:30:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/24/2014 11:31:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 695 seconds with 480 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:04:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:03:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 925 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:45:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:44:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 99433 seconds with 7620 seconds of active time. This session ended with a crash. Error: (03/06/2014 02:58:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 97816 seconds with 6720 seconds of active time. This session ended with a crash. Error: (01/11/2014 00:18:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20615 seconds with 7200 seconds of active time. This session ended with a crash. Error: (10/21/2013 09:59:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-01-17 23:03:50.567 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.526 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.343 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.166 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.103 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:49.834 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 60% Total physical RAM: 3979.23 MB Available physical RAM: 1570.42 MB Total Pagefile: 7956.65 MB Available Pagefile: 5150.58 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:448.96 GB) (Free:250.49 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A52CF50E) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.11.2014, 20:37 | #2 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hier die Scan-Logs
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Admin (administrator) on ADMIN-THINK on 11-11-2014 20:31:08 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adminsas Electronics Corporation) C:\Program Files (x86)\Adminsas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Hypersoft GmbH) C:\Hypers-!\TerminalCommander.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-01-07] (Conexant systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SearchProtection] => C:\ProgramData\Search Protection\_run.bat HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Adminsas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Adminsas Electronics Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\...\MountPoints2: {f68f5917-89be-11e0-846e-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hypersoft Terminal Commander.lnk ShortcutTarget: Hypersoft Terminal Commander.lnk -> C:\Hypers-!\MCP-!\TerminalCommander.exe (Hypersoft GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Lavasoft HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Home - Welcome to Lenovo HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Home - Welcome to Lenovo SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=717BCBDB32C44974AFB8835166AEA249&q={searchTerms} SearchScopes: HKCU - {DCA63C06-B30D-4178-93A3-8A3F957AFA11} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Hosts: 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default FF DefaultSearchEngine: SecureSearch FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=717BCBDB32C44974AFB8835166AEA249&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default\Extensions\abs@avira.com [2014-10-26] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] () R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed] R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-11] (GFI Software) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-05-29] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S1 MpKsl76dc7dea; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFFF6FB5-18AA-43CF-9270-5C84A051484C}\MpKsl76dc7dea.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 20:31 - 2014-11-11 20:32 - 00022357 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-11-11 20:31 - 2014-11-11 20:31 - 00000000 ____D () C:\FRST 2014-11-11 20:30 - 2014-11-11 20:30 - 02116096 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-11-07 12:55 - 2014-11-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-29 18:03 - 2014-11-08 11:20 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-26 19:29 - 2014-10-26 19:29 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-10-26 19:29 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-26 19:28 - 2014-10-26 19:28 - 00000000 ____D () C:\Program Files\iPod 2014-10-26 19:23 - 2014-10-26 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-10-17 08:53 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-17 08:53 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-17 08:53 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-17 08:53 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-17 08:52 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-17 08:52 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-17 08:52 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-17 08:52 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-17 08:52 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-17 08:52 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-17 08:52 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-17 08:52 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-17 08:52 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-17 08:52 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-17 08:52 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-17 08:52 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-17 08:52 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-17 08:52 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-17 08:52 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-17 08:52 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-17 08:52 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-17 08:52 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-17 08:52 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-17 08:52 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-17 08:52 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-17 08:52 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-17 08:52 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-17 08:52 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-17 08:52 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-17 08:52 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-17 08:52 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-17 08:52 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-17 08:52 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-17 08:52 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-17 08:52 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-17 08:52 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-17 08:52 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-17 08:52 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-17 08:52 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-17 08:52 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-17 08:52 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-17 08:52 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-17 08:52 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-17 08:52 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-17 08:52 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-17 08:52 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-17 08:52 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-17 08:52 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-17 08:52 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-17 08:52 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-17 08:52 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-17 08:52 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-17 08:52 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-17 08:52 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-17 08:52 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-17 08:52 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-17 08:52 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-17 08:52 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-17 08:52 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-17 08:52 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-17 08:52 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-17 08:52 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-17 08:52 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-17 08:50 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-17 08:50 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-17 08:49 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-17 08:49 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-17 08:49 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-17 08:49 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-17 08:49 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-17 08:49 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-17 08:49 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-17 08:49 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-17 08:49 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-17 08:48 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-17 08:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-17 08:48 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-17 08:48 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 20:29 - 2009-07-14 05:51 - 00233716 _____ () C:\Windows\setupact.log 2014-11-11 20:27 - 2011-05-29 08:11 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-11-11 20:25 - 2013-03-01 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-11 20:23 - 2011-05-29 08:11 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-11-11 20:21 - 2011-11-28 12:53 - 00073226 _____ () C:\Windows\pvsw.log 2014-11-11 20:20 - 2011-07-06 14:25 - 00000000 ____D () C:\Hypers-! 2014-11-11 20:17 - 2011-05-29 07:49 - 01454533 _____ () C:\Windows\WindowsUpdate.log 2014-11-11 16:28 - 2011-05-29 17:39 - 08554878 _____ () C:\Windows\system32\perfh007.dat 2014-11-11 16:28 - 2011-05-29 17:39 - 02677158 _____ () C:\Windows\system32\perfc007.dat 2014-11-11 16:28 - 2009-07-14 06:13 - 02778498 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-11 12:53 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:53 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-11 12:34 - 2011-05-29 08:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-11 12:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-10 17:00 - 2013-03-01 01:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-09 21:27 - 2011-06-20 10:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\CutePDF Writer 2014-11-09 16:31 - 2014-06-19 22:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\MobileAccess 2014-11-08 11:20 - 2014-08-08 15:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-08 11:20 - 2013-03-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-08 11:20 - 2013-03-01 00:32 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-06 19:30 - 2009-07-14 03:34 - 00000759 _____ () C:\Windows\win.ini 2014-11-06 18:18 - 2011-06-17 21:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-11-05 17:51 - 2011-06-20 14:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help 2014-11-04 18:42 - 2011-06-17 09:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-11-01 00:48 - 2011-09-05 23:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 19:28 - 2014-05-10 22:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-26 19:28 - 2011-06-17 09:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-21 09:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-20 08:44 - 2014-06-19 22:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LSC 2014-10-17 11:36 - 2009-07-14 05:45 - 00457792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 11:34 - 2014-05-01 08:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 09:39 - 2011-06-17 08:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 09:35 - 2013-11-26 10:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 09:30 - 2013-11-26 10:48 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 09:12 - 2013-05-02 09:41 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-14 09:12 - 2013-03-27 13:16 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 09:12 - 2013-03-27 13:16 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-12 21:56 - 2014-05-27 23:49 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2014-10-12 21:56 - 2011-05-29 17:20 - 00000000 ____D () C:\ProgramData\Lenovo 2014-10-12 21:56 - 2011-05-29 07:55 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2014-10-12 21:56 - 2011-05-29 07:54 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-10-12 21:55 - 2011-05-29 08:09 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-10-12 21:51 - 2014-06-19 22:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Lenovo Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\2d4b81b2-bd03-4417-9627-a605e8d0d3c3.exe C:\Users\Admin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Admin\AppData\Local\Temp\AskSLib.dll C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\converter.exe C:\Users\Admin\AppData\Local\Temp\InitBDE.exe C:\Users\Admin\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe C:\Users\Admin\AppData\Local\Temp\isutldll.dll C:\Users\Admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Admin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Admin\AppData\Local\Temp\nvStInst.exe C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\xerces-c_2_5_0.dll C:\Users\Admin\AppData\Local\Temp\xmlDeployer.exe C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe C:\Users\Admin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Admin\AppData\Local\Temp\AskSLib.dll C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 16:13 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014 Ran by Admin at 2014-11-11 20:33:08 Running from C:\Users\Admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Framework-Sicherheitsrichtlinie für den Codezugriff auf Organisationsebene (x32 Version: 1.0.2411.0 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35 - Research in Motion Ltd.) Hidden BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Forte Free 2.0 (HKLM-x32\...\Forte Free) (Version: 2.0 - Lugert Verlag) Griaule FingerCap USB Driver vr. 1.2 (HKLM-x32\...\{87cd3511-c592-4fba-92e1-54416b3c83cc}_is1) (Version: 1.2 - Griaule Biometrics LTDA.) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation) Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - ) Lenovo Mobile Access (HKLM-x32\...\{3F0501BE-3203-4001-8125-BAA857C92F51}) (Version: 3.1.0.1268 - Lenovo) Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo) Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB) Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) PC Connectivity Solution (HKLM-x32\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia) Pervasive System Analyzer (HKLM-x32\...\Pervasive System Analyzer) (Version: - ) Pervasive.SQL V8 Workgroup (v8.6) (HKLM-x32\...\{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}) (Version: 8.60.192.033 - Pervasive Software Inc. ) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - ) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) RapidBoot (x32 Version: 1.00 - Lenovo) Hidden Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Adminsas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Adminsas Electronics Corporation) Adminsas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Adminsas Electronics Corporation) Hidden Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited) RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH) Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.1.75100 - Sonos, Inc.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel) Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel) Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) Windows-Treiberpaket - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics) Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 26-10-2014 18:23:42 Windows Update 30-10-2014 21:03:03 Windows Update 03-11-2014 19:20:49 Windows Update 08-11-2014 21:03:51 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 17:51 - 00000927 ____N C:\Windows\system32\Drivers\etc\hosts 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01DE19CD-575C-44F9-ACAA-FB80B591DA43} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] () Task: {20B2EBA7-7F55-425E-B96A-82DA1BE3AF27} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {236F039D-A77D-4A32-8E83-ACECE026A409} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-09] (PC-Doctor, Inc.) Task: {2F513886-F691-483B-9C15-942CEED0145E} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe Task: {302D7E33-BABE-4BAA-9C4D-13D8A0416C6F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo) Task: {391B750C-DE82-4840-94CC-1A679E58D581} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo) Task: {43D3E1CE-2E9B-499A-A082-BB49E9432B93} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo) Task: {59BB9DC0-ECFD-4134-AA16-D6BECB42BCEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {645D342F-CFB6-49CA-907F-61F5F518722F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-09] (PC-Doctor, Inc.) Task: {6AF1F617-785C-4D4E-B331-30A17609F0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {876D247D-5BE9-47E2-A776-52C0FF17C89C} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-09] () Task: {8DB7DAC7-2762-485F-BBC0-978A593E46BB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {8E17DF90-8B27-4203-8EA9-2F0A32C228FF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {93434123-DBBB-493B-BC62-52D2D4090AE2} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited) Task: {D4B8551F-B7AD-4FBB-A3BA-3003ED7305D9} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {DEB1CDDF-C58D-4C87-ABAB-1A55407CE073} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] () Task: {F4A4645B-220B-44E6-B49C-F824DAE278A1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2010-12-17 12:53 - 2010-12-17 12:53 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-06-20 10:43 - 2009-11-05 06:40 - 00085504 ____N () C:\Windows\System32\cpwmon64.dll 2014-05-27 23:37 - 2013-10-29 01:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-05-29 08:03 - 2014-03-20 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-05-29 07:59 - 2010-10-26 04:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2011-05-29 08:00 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe 2014-03-14 16:46 - 2014-03-14 16:46 - 00065880 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll 2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2011-05-29 07:59 - 2011-05-26 16:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 03289088 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1aa792a3\mscorlib.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02994176 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2d0ef846\system.windows.forms.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 01929216 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7ce1410a\system.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 00835584 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8fdc6bfc\system.drawing.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02076672 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_41100e0a\system.xml.dll 2014-11-07 12:55 - 2014-11-07 12:56 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Admin (S-1-5-21-655141181-1604168393-1177880679-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-655141181-1604168393-1177880679-500 - Administrator - Disabled) ASPNET (S-1-5-21-655141181-1604168393-1177880679-1008 - Limited - Enabled) Gast (S-1-5-21-655141181-1604168393-1177880679-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655141181-1604168393-1177880679-1005 - Limited - Enabled) Admin (S-1-5-21-655141181-1604168393-1177880679-1003 - Limited - Enabled) => C:\Users\Admin Sonos (S-1-5-21-655141181-1604168393-1177880679-1009 - Limited - Enabled) tvsu_tmp_vlhaqUJFAL (S-1-5-21-655141181-1604168393-1177880679-1011 - Administrator - Enabled) UpdatusUser (S-1-5-21-655141181-1604168393-1177880679-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: MpKsl76dc7dea Description: MpKsl76dc7dea Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: MpKsl76dc7dea Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 04:28:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 04:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 678776 Error: (11/11/2014 04:26:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 678776 Error: (11/11/2014 04:26:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 00:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/11/2014 00:34:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/11/2014 00:37:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/11/2014 00:37:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/11/2014 00:33:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/11/2014 10:42:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/11/2014 10:42:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/11/2014 10:39:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/10/2014 05:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/10/2014 05:06:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/10/2014 05:01:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/09/2014 04:56:51 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "ADMIN-THINK :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.11 registriert werden. Der Computer mit IP-Adresse 192.168.1.125 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= Error: (09/09/2014 00:43:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 556 seconds with 240 seconds of active time. This session ended with a crash. Error: (09/09/2014 00:30:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/24/2014 11:31:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 695 seconds with 480 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:04:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:03:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 925 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:45:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:44:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 99433 seconds with 7620 seconds of active time. This session ended with a crash. Error: (03/06/2014 02:58:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 97816 seconds with 6720 seconds of active time. This session ended with a crash. Error: (01/11/2014 00:18:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20615 seconds with 7200 seconds of active time. This session ended with a crash. Error: (10/21/2013 09:59:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-01-17 23:03:50.567 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.526 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.343 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.166 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.103 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:49.834 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 60% Total physical RAM: 3979.23 MB Available physical RAM: 1570.42 MB Total Pagefile: 7956.65 MB Available Pagefile: 5150.58 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:448.96 GB) (Free:250.49 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A52CF50E) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.11.2014, 21:51 | #3 |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen hi,
__________________Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
11.11.2014, 22:15 | #4 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen 22:12:03.0930 0x1c08 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34 22:12:06.0968 0x1c08 ============================================================ 22:12:06.0968 0x1c08 Current date / time: 2014/11/11 22:12:06.0968 22:12:06.0968 0x1c08 SystemInfo: 22:12:06.0968 0x1c08 22:12:06.0968 0x1c08 OS Version: 6.1.7601 ServicePack: 1.0 22:12:06.0968 0x1c08 Product type: Workstation 22:12:06.0969 0x1c08 ComputerName: ADMIN-THINK 22:12:06.0969 0x1c08 UserName: Admin 22:12:06.0969 0x1c08 Windows directory: C:\Windows 22:12:06.0969 0x1c08 System windows directory: C:\Windows 22:12:06.0969 0x1c08 Running under WOW64 22:12:06.0969 0x1c08 Processor architecture: Intel x64 22:12:06.0969 0x1c08 Number of processors: 8 22:12:06.0969 0x1c08 Page size: 0x1000 22:12:06.0969 0x1c08 Boot type: Normal boot 22:12:06.0969 0x1c08 ============================================================ 22:12:07.0533 0x1c08 KLMD registered as C:\Windows\system32\drivers\84198265.sys 22:12:08.0015 0x1c08 System UUID: {13AA4333-9105-4DF6-F86A-09353E52DA01} 22:12:08.0970 0x1c08 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:12:08.0981 0x1c08 ============================================================ 22:12:08.0981 0x1c08 \Device\Harddisk0\DR0: 22:12:08.0982 0x1c08 MBR partitions: 22:12:08.0982 0x1c08 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 22:12:08.0982 0x1c08 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x381ED000 22:12:08.0982 0x1c08 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000 22:12:08.0982 0x1c08 ============================================================ 22:12:09.0001 0x1c08 C: <-> \Device\Harddisk0\DR0\Partition2 22:12:09.0052 0x1c08 Q: <-> \Device\Harddisk0\DR0\Partition3 22:12:09.0052 0x1c08 ============================================================ 22:12:09.0052 0x1c08 Initialize success 22:12:09.0052 0x1c08 ============================================================ 22:12:45.0337 0x1dd4 ============================================================ 22:12:45.0337 0x1dd4 Scan started 22:12:45.0337 0x1dd4 Mode: Manual; SigCheck; TDLFS; 22:12:45.0337 0x1dd4 ============================================================ 22:12:45.0337 0x1dd4 KSN ping started 22:12:47.0855 0x1dd4 KSN ping finished: true 22:12:48.0596 0x1dd4 ================ Scan system memory ======================== 22:12:48.0596 0x1dd4 System memory - ok 22:12:48.0597 0x1dd4 ================ Scan services ============================= |
11.11.2014, 22:16 | #5 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen 22:12:48.0780 0x1dd4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 22:12:48.0907 0x1dd4 1394ohci - ok 22:12:48.0983 0x1dd4 [ F4AF97702BAD85BFEF64B9A557F11B6F, 8255B2FBE64C60562A7DAAAD575EED49EE0D23DD42E5C76C988B8A3673843EA6 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys 22:12:49.0036 0x1dd4 5U877 - ok 22:12:49.0077 0x1dd4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:12:49.0108 0x1dd4 ACPI - ok 22:12:49.0140 0x1dd4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:12:49.0204 0x1dd4 AcpiPmi - ok 22:12:49.0324 0x1dd4 [ 81FDE4250DA1720657A42C2020B1AA28, 0E35C692347A576B41ADC45D922AF6B9F0A7F857E94A50842873A55D21F4C9D0 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe 22:12:49.0345 0x1dd4 AcPrfMgrSvc - ok 22:12:49.0377 0x1dd4 [ 01A8EAA10F8B827F59CF506A97EC37C0, 44351082300A5B3A90F742F5C39AFF219D5FCF2F94CA7785DB2762AEB854212E ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe 22:12:49.0401 0x1dd4 AcSvc - ok 22:12:49.0489 0x1dd4 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:12:49.0507 0x1dd4 AdobeARMservice - ok 22:12:49.0623 0x1dd4 [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:12:49.0648 0x1dd4 AdobeFlashPlayerUpdateSvc - ok 22:12:49.0706 0x1dd4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 22:12:49.0743 0x1dd4 adp94xx - ok 22:12:49.0783 0x1dd4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 22:12:49.0812 0x1dd4 adpahci - ok 22:12:49.0863 0x1dd4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 22:12:49.0886 0x1dd4 adpu320 - ok 22:12:49.0925 0x1dd4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:12:50.0106 0x1dd4 AeLookupSvc - ok 22:12:50.0186 0x1dd4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 22:12:50.0236 0x1dd4 AFD - ok 22:12:50.0262 0x1dd4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 22:12:50.0281 0x1dd4 agp440 - ok 22:12:50.0299 0x1dd4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 22:12:50.0358 0x1dd4 ALG - ok 22:12:50.0409 0x1dd4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 22:12:50.0428 0x1dd4 aliide - ok 22:12:50.0467 0x1dd4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 22:12:50.0485 0x1dd4 amdide - ok 22:12:50.0512 0x1dd4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 22:12:50.0535 0x1dd4 AmdK8 - ok 22:12:50.0542 0x1dd4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 22:12:50.0592 0x1dd4 AmdPPM - ok 22:12:50.0617 0x1dd4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:12:50.0638 0x1dd4 amdsata - ok 22:12:50.0657 0x1dd4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 22:12:50.0681 0x1dd4 amdsbs - ok 22:12:50.0698 0x1dd4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:12:50.0715 0x1dd4 amdxata - ok 22:12:50.0850 0x1dd4 [ 6F1BBF101B6DC9D34A564C2009D83B63, 1679D48C5A2CE6434E09F1D1330E616F8130C7A0ADF5C14D847CCEABDDA2950E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:12:50.0901 0x1dd4 AntiVirSchedulerService - ok 22:12:50.0964 0x1dd4 [ 6F1BBF101B6DC9D34A564C2009D83B63, 1679D48C5A2CE6434E09F1D1330E616F8130C7A0ADF5C14D847CCEABDDA2950E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:12:50.0994 0x1dd4 AntiVirService - ok 22:12:51.0029 0x1dd4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 22:12:51.0202 0x1dd4 AppID - ok 22:12:51.0224 0x1dd4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:12:51.0308 0x1dd4 AppIDSvc - ok 22:12:51.0349 0x1dd4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 22:12:51.0397 0x1dd4 Appinfo - ok 22:12:51.0477 0x1dd4 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:12:51.0494 0x1dd4 Apple Mobile Device - ok 22:12:51.0527 0x1dd4 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 22:12:51.0584 0x1dd4 AppMgmt - ok 22:12:51.0611 0x1dd4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 22:12:51.0630 0x1dd4 arc - ok 22:12:51.0658 0x1dd4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 22:12:51.0677 0x1dd4 arcsas - ok 22:12:51.0773 0x1dd4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:12:51.0797 0x1dd4 aspnet_state - ok 22:12:51.0823 0x1dd4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:12:51.0878 0x1dd4 AsyncMac - ok 22:12:51.0910 0x1dd4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 22:12:51.0926 0x1dd4 atapi - ok 22:12:51.0987 0x1dd4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:12:52.0069 0x1dd4 AudioEndpointBuilder - ok 22:12:52.0110 0x1dd4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:12:52.0193 0x1dd4 AudioSrv - ok 22:12:52.0228 0x1dd4 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:12:52.0252 0x1dd4 avgntflt - ok 22:12:52.0313 0x1dd4 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:12:52.0335 0x1dd4 avipbb - ok 22:12:52.0395 0x1dd4 [ F21955927D1C99206A8B91DE2CCE85E1, 26A6155CF46123C489CBE19B5B3E3B0D9ED02C9388E57058724B0FFB7D7C08B5 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 22:12:52.0415 0x1dd4 Avira.OE.ServiceHost - ok 22:12:52.0428 0x1dd4 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:12:52.0444 0x1dd4 avkmgr - ok 22:12:52.0493 0x1dd4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:12:52.0581 0x1dd4 AxInstSV - ok 22:12:52.0633 0x1dd4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 22:12:52.0705 0x1dd4 b06bdrv - ok 22:12:52.0740 0x1dd4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:12:52.0788 0x1dd4 b57nd60a - ok 22:12:52.0836 0x1dd4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 22:12:52.0890 0x1dd4 BDESVC - ok 22:12:52.0906 0x1dd4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 22:12:52.0975 0x1dd4 Beep - ok 22:12:53.0033 0x1dd4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 22:12:53.0113 0x1dd4 BFE - ok 22:12:53.0177 0x1dd4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 22:12:53.0280 0x1dd4 BITS - ok 22:12:53.0324 0x1dd4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:12:53.0345 0x1dd4 blbdrive - ok 22:12:53.0421 0x1dd4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:12:53.0453 0x1dd4 Bonjour Service - ok 22:12:53.0476 0x1dd4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:12:53.0509 0x1dd4 bowser - ok 22:12:53.0535 0x1dd4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 22:12:53.0570 0x1dd4 BrFiltLo - ok 22:12:53.0585 0x1dd4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 22:12:53.0626 0x1dd4 BrFiltUp - ok 22:12:53.0685 0x1dd4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 22:12:53.0720 0x1dd4 Browser - ok 22:12:53.0751 0x1dd4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:12:53.0810 0x1dd4 Brserid - ok 22:12:53.0824 0x1dd4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:12:53.0867 0x1dd4 BrSerWdm - ok 22:12:53.0887 0x1dd4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:12:53.0927 0x1dd4 BrUsbMdm - ok 22:12:53.0946 0x1dd4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:12:53.0978 0x1dd4 BrUsbSer - ok 22:12:54.0009 0x1dd4 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 22:12:54.0041 0x1dd4 BthEnum - ok 22:12:54.0055 0x1dd4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:12:54.0101 0x1dd4 BTHMODEM - ok 22:12:54.0135 0x1dd4 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 22:12:54.0176 0x1dd4 BthPan - ok 22:12:54.0238 0x1dd4 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 22:12:54.0292 0x1dd4 BTHPORT - ok 22:12:54.0328 0x1dd4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 22:12:54.0401 0x1dd4 bthserv - ok 22:12:54.0410 0x1dd4 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 22:12:54.0437 0x1dd4 BTHUSB - ok 22:12:54.0499 0x1dd4 [ 8834F87A6A745872894DF8223201A6C3, B8C26E11EAAB4A93E4241B4B6F00C1CA05501011E28D6A06D4B009BA4E3AB7CD ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 22:12:54.0530 0x1dd4 BTWAMPFL - ok 22:12:54.0547 0x1dd4 [ 9863D82ECBEC6106D377ED73680D99D8, 27DA7335BB14BBF9DC627C8F97ED59BA3479E5E084704AE4C16B1A3E67CB184C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 22:12:54.0566 0x1dd4 btwaudio - ok 22:12:54.0603 0x1dd4 [ 3432DD66AE75AB2DE6D0527AD78DBFC7, C2DEB409CDA3621E33E429E592A81E09095C52CDCE36732C9BEA00B92994E44D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 22:12:54.0624 0x1dd4 btwavdt - ok 22:12:54.0697 0x1dd4 [ EB4AFE08FB39BB444F221D7D501E0915, 2AF8ECEEAB5A0E972660C1553B555E49C49F19500ABD67DFEB9BEBA7E577A700 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 22:12:54.0747 0x1dd4 btwdins - ok 22:12:54.0778 0x1dd4 [ 382DC5A631CED0462EA09B7EB898BDBF, 7457145E194310F4EB9273471EA41100D3A1448BC2A366064B25A212B389AACB ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 22:12:54.0793 0x1dd4 btwl2cap - ok 22:12:54.0810 0x1dd4 [ 13A9C2CEDD44C175E6CA39A536795CA6, 13D6D24C2127E6A5E9AB2DFAA9729D57AA6CFCC72DFACF78E4DE7E63ABA122DF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 22:12:54.0824 0x1dd4 btwrchid - ok 22:12:54.0866 0x1dd4 [ 48360B88C4BF45850653BB7C86888ED4, 454C2DD81BFCC7FF4819CDFE3C5506E31A3FE86B06FB18009783CD2FEA74B0BF ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys 22:12:54.0919 0x1dd4 CAXHWAZL - ok 22:12:54.0946 0x1dd4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:12:55.0019 0x1dd4 cdfs - ok 22:12:55.0055 0x1dd4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:12:55.0100 0x1dd4 cdrom - ok 22:12:55.0134 0x1dd4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 22:12:55.0202 0x1dd4 CertPropSvc - ok 22:12:55.0221 0x1dd4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 22:12:55.0275 0x1dd4 circlass - ok 22:12:55.0310 0x1dd4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 22:12:55.0341 0x1dd4 CLFS - ok 22:12:55.0396 0x1dd4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:12:55.0415 0x1dd4 clr_optimization_v2.0.50727_32 - ok 22:12:55.0460 0x1dd4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:12:55.0480 0x1dd4 clr_optimization_v2.0.50727_64 - ok 22:12:55.0547 0x1dd4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:12:55.0570 0x1dd4 clr_optimization_v4.0.30319_32 - ok 22:12:55.0613 0x1dd4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:12:55.0636 0x1dd4 clr_optimization_v4.0.30319_64 - ok 22:12:55.0657 0x1dd4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:12:55.0699 0x1dd4 CmBatt - ok 22:12:55.0719 0x1dd4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:12:55.0736 0x1dd4 cmdide - ok 22:12:55.0795 0x1dd4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 22:12:55.0868 0x1dd4 CNG - ok 22:12:56.0008 0x1dd4 [ 5BEC441B6B91E874C987C06F98176D90, FA4B523271947AE908C41BA2ABB1E4871359C8DE21E0ECC2B4CD49F734EF8FB4 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 22:12:56.0087 0x1dd4 CnxtHdAudService - ok 22:12:56.0121 0x1dd4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:12:56.0138 0x1dd4 Compbatt - ok 22:12:56.0164 0x1dd4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 22:12:56.0189 0x1dd4 CompositeBus - ok 22:12:56.0198 0x1dd4 COMSysApp - ok 22:12:56.0213 0x1dd4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:12:56.0230 0x1dd4 crcdisk - ok 22:12:56.0292 0x1dd4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:12:56.0325 0x1dd4 CryptSvc - ok 22:12:56.0357 0x1dd4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 22:12:56.0429 0x1dd4 CSC - ok 22:12:56.0482 0x1dd4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 22:12:56.0551 0x1dd4 CscService - ok 22:12:56.0593 0x1dd4 [ 9D0D050170D47E778B624A28C90F23DE, 48528AA9EB0C9FB5086D992EF1F9556C8249D267C2E3D4E681D5C8B6BC316C71 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 22:12:56.0616 0x1dd4 CxAudMsg - ok 22:12:56.0662 0x1dd4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:12:56.0750 0x1dd4 DcomLaunch - ok 22:12:56.0782 0x1dd4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 22:12:56.0870 0x1dd4 defragsvc - ok 22:12:56.0895 0x1dd4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:12:56.0951 0x1dd4 DfsC - ok 22:12:56.0983 0x1dd4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 22:12:57.0042 0x1dd4 Dhcp - ok 22:12:57.0057 0x1dd4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 22:12:57.0137 0x1dd4 discache - ok 22:12:57.0155 0x1dd4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 22:12:57.0174 0x1dd4 Disk - ok 22:12:57.0190 0x1dd4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 22:12:57.0245 0x1dd4 dmvsc - ok 22:12:57.0279 0x1dd4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:12:57.0329 0x1dd4 Dnscache - ok 22:12:57.0367 0x1dd4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 22:12:57.0444 0x1dd4 dot3svc - ok 22:12:57.0473 0x1dd4 [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 22:12:57.0502 0x1dd4 Dot4 - ok 22:12:57.0539 0x1dd4 [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:12:57.0578 0x1dd4 Dot4Print - ok 22:12:57.0594 0x1dd4 [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 22:12:57.0625 0x1dd4 dot4usb - ok 22:12:57.0687 0x1dd4 [ 54188DC0CB4541CFC3C6FD90ACE361DA, 340D1DEFF91A9A45F7F2B239EE540AE05C007E270F20C5BB2CCF67690398F4B8 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 22:12:57.0718 0x1dd4 DozeSvc - ok 22:12:57.0765 0x1dd4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 22:12:57.0812 0x1dd4 DPS - ok 22:12:57.0874 0x1dd4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:12:57.0921 0x1dd4 drmkaud - ok 22:12:57.0999 0x1dd4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:12:58.0061 0x1dd4 DXGKrnl - ok 22:12:58.0093 0x1dd4 [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 22:12:58.0108 0x1dd4 DzHDD64 - ok 22:12:58.0186 0x1dd4 [ DEC1AADBA0AF70E6DE59ABD809461317, 8D21009AD9AE1CB575565C9F27916AA012DA5F3C9C8BC3F3AF89B336B7B518E4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 22:12:58.0217 0x1dd4 e1cexpress - ok 22:12:58.0249 0x1dd4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 22:12:58.0327 0x1dd4 EapHost - ok 22:12:58.0498 0x1dd4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:12:58.0670 0x1dd4 ebdrv - ok 22:12:58.0701 0x1dd4 [ F88F2E5806FC405B0FA94B7947A5875E, 292DA82C308C9F9775DF4E2C8FDE726D4BA6B224049C113809422EDE07919248 ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys 22:12:58.0717 0x1dd4 ecnssndis - ok 22:12:58.0732 0x1dd4 [ C8CD88218EFC28F7E44A9892B3E97F4D, 3C84997B657808BBE1A9B9AD5EB8E1900ED703D67C3CE66F85BA0BADDA616CD8 ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys 22:12:58.0748 0x1dd4 ecnssndisfltr - ok 22:12:58.0810 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 22:12:58.0841 0x1dd4 EFS - ok 22:12:58.0919 0x1dd4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:12:59.0013 0x1dd4 ehRecvr - ok 22:12:59.0044 0x1dd4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 22:12:59.0091 0x1dd4 ehSched - ok 22:12:59.0138 0x1dd4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:12:59.0169 0x1dd4 elxstor - ok 22:12:59.0200 0x1dd4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:12:59.0216 0x1dd4 ErrDev - ok 22:12:59.0263 0x1dd4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 22:12:59.0341 0x1dd4 EventSystem - ok 22:12:59.0481 0x1dd4 [ 8B6C9924B0D333DBF76086B8258A0891, 61A629A0BF00040F8E2B0588657FFA8C78C137B1B0F6CB92CFCC9B9E29630E0C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 22:12:59.0543 0x1dd4 EvtEng - ok 22:12:59.0575 0x1dd4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 22:12:59.0637 0x1dd4 exfat - ok 22:12:59.0668 0x1dd4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:12:59.0746 0x1dd4 fastfat - ok 22:12:59.0793 0x1dd4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 22:12:59.0855 0x1dd4 Fax - ok 22:12:59.0871 0x1dd4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 22:12:59.0887 0x1dd4 fdc - ok 22:12:59.0902 0x1dd4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 22:12:59.0965 0x1dd4 fdPHost - ok 22:12:59.0980 0x1dd4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 22:13:00.0058 0x1dd4 FDResPub - ok 22:13:00.0089 0x1dd4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:13:00.0105 0x1dd4 FileInfo - ok 22:13:00.0121 0x1dd4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:13:00.0199 0x1dd4 Filetrace - ok 22:13:00.0214 0x1dd4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 22:13:00.0245 0x1dd4 flpydisk - ok 22:13:00.0277 0x1dd4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:13:00.0308 0x1dd4 FltMgr - ok 22:13:00.0401 0x1dd4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 22:13:00.0479 0x1dd4 FontCache - ok 22:13:00.0526 0x1dd4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:13:00.0542 0x1dd4 FontCache3.0.0.0 - ok 22:13:00.0557 0x1dd4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:13:00.0573 0x1dd4 FsDepends - ok 22:13:00.0604 0x1dd4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:13:00.0620 0x1dd4 Fs_Rec - ok 22:13:00.0682 0x1dd4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:13:00.0713 0x1dd4 fvevol - ok 22:13:00.0729 0x1dd4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:13:00.0745 0x1dd4 gagp30kx - ok 22:13:00.0791 0x1dd4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:13:00.0807 0x1dd4 GEARAspiWDM - ok 22:13:00.0854 0x1dd4 [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto C:\Windows\system32\drivers\gfibto.sys 22:13:00.0869 0x1dd4 gfibto - ok 22:13:00.0932 0x1dd4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 22:13:01.0041 0x1dd4 gpsvc - ok 22:13:01.0057 0x1dd4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:13:01.0103 0x1dd4 hcw85cir - ok 22:13:01.0135 0x1dd4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:13:01.0197 0x1dd4 HdAudAddService - ok 22:13:01.0228 0x1dd4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:13:01.0275 0x1dd4 HDAudBus - ok 22:13:01.0291 0x1dd4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:13:01.0337 0x1dd4 HidBatt - ok 22:13:01.0353 0x1dd4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:13:01.0400 0x1dd4 HidBth - ok 22:13:01.0431 0x1dd4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 22:13:01.0462 0x1dd4 HidIr - ok 22:13:01.0493 0x1dd4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 22:13:01.0556 0x1dd4 hidserv - ok 22:13:01.0603 0x1dd4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:13:01.0634 0x1dd4 HidUsb - ok 22:13:01.0665 0x1dd4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:13:01.0743 0x1dd4 hkmsvc - ok 22:13:01.0774 0x1dd4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:13:01.0805 0x1dd4 HomeGroupListener - ok 22:13:01.0837 0x1dd4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:13:01.0868 0x1dd4 HomeGroupProvider - ok 22:13:01.0883 0x1dd4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:13:01.0899 0x1dd4 HpSAMD - ok 22:13:02.0009 0x1dd4 [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll 22:13:02.0040 0x1dd4 HsfXAudioService - ok 22:13:02.0134 0x1dd4 [ F6AC1087A131FBB385400667BEA64FBE, 131661287953708893FE564602E8ED6832B96CCA523C205EDE0C9E82DD930178 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 22:13:02.0212 0x1dd4 HSF_DPV - ok 22:13:02.0259 0x1dd4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:13:02.0368 0x1dd4 HTTP - ok 22:13:02.0384 0x1dd4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:13:02.0399 0x1dd4 hwpolicy - ok 22:13:02.0446 0x1dd4 [ 9149907FF8681AD6475607EEBF62DD2F, F3F766ED689BCD69DC8BC705FF08BE9830B562D8CB85AD74A12FE370F5DA9668 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 22:13:02.0462 0x1dd4 HyperW7Svc - ok 22:13:02.0477 0x1dd4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:13:02.0508 0x1dd4 i8042prt - ok 22:13:02.0586 0x1dd4 [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor C:\Windows\system32\drivers\iaStor.sys 22:13:02.0618 0x1dd4 iaStor - ok 22:13:02.0664 0x1dd4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:13:02.0711 0x1dd4 iaStorV - ok 22:13:02.0742 0x1dd4 [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 22:13:02.0758 0x1dd4 IBMPMDRV - ok 22:13:02.0774 0x1dd4 [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 22:13:02.0789 0x1dd4 IBMPMSVC - ok 22:13:02.0883 0x1dd4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:13:02.0930 0x1dd4 idsvc - ok 22:13:02.0961 0x1dd4 IEEtwCollectorService - ok 22:13:03.0538 0x1dd4 [ 978D876A581D57E0DE6437674EB0014D, CDE6F41D75177F9A1F3AF6B576320B93906E33133FF8568FCB1148568FE78BF3 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:13:04.0193 0x1dd4 igfx - ok 22:13:04.0224 0x1dd4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:13:04.0240 0x1dd4 iirsp - ok 22:13:04.0318 0x1dd4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 22:13:04.0396 0x1dd4 IKEEXT - ok 22:13:04.0443 0x1dd4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 22:13:04.0458 0x1dd4 intelide - ok 22:13:04.0490 0x1dd4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:13:04.0521 0x1dd4 intelppm - ok 22:13:04.0568 0x1dd4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:13:04.0614 0x1dd4 IPBusEnum - ok 22:13:04.0646 0x1dd4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:13:04.0692 0x1dd4 IpFilterDriver - ok 22:13:04.0755 0x1dd4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:13:04.0817 0x1dd4 iphlpsvc - ok 22:13:04.0833 0x1dd4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:13:04.0864 0x1dd4 IPMIDRV - ok 22:13:04.0911 0x1dd4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:13:04.0958 0x1dd4 IPNAT - ok 22:13:05.0036 0x1dd4 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:13:05.0067 0x1dd4 iPod Service - ok 22:13:05.0098 0x1dd4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:13:05.0114 0x1dd4 IRENUM - ok 22:13:05.0129 0x1dd4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:13:05.0145 0x1dd4 isapnp - ok 22:13:05.0192 0x1dd4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:13:05.0223 0x1dd4 iScsiPrt - ok 22:13:05.0285 0x1dd4 [ 52C53FBE7F08499D166E8513FD1A5E01, FDE6A6CDBD0C56890355EB7EA21C1E9585E21D1385DC2FD0559BBBDB4C002513 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 22:13:05.0316 0x1dd4 jhi_service - ok 22:13:05.0332 0x1dd4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:13:05.0348 0x1dd4 kbdclass - ok 22:13:05.0379 0x1dd4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:13:05.0394 0x1dd4 kbdhid - ok 22:13:05.0410 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 22:13:05.0426 0x1dd4 KeyIso - ok 22:13:05.0472 0x1dd4 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:13:05.0488 0x1dd4 KSecDD - ok 22:13:05.0519 0x1dd4 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:13:05.0535 0x1dd4 KSecPkg - ok 22:13:05.0550 0x1dd4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:13:05.0613 0x1dd4 ksthunk - ok 22:13:06.0892 0x1dd4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 22:13:06.0970 0x1dd4 KtmRm - ok 22:13:07.0017 0x1dd4 [ F761A831C9DC8D0204B7FB43E3A896B7, 9739FC721C774C0C754D0E558D39A77FF8B976CC98C044CB4D16446A9AF3E0A1 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps64.sys 22:13:07.0032 0x1dd4 l36wgps - ok 22:13:07.0064 0x1dd4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:13:07.0142 0x1dd4 LanmanServer - ok 22:13:07.0173 0x1dd4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:13:07.0251 0x1dd4 LanmanWorkstation - ok 22:13:07.0298 0x1dd4 [ 403F6798A847D9F98B650D27D0FA3FD3, D69314309E251C74D77CDEF1DED7A4E83788871FA723D0D74B9FE5BAA89F9998 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 22:13:07.0313 0x1dd4 LENOVO.CAMMUTE - ok 22:13:07.0376 0x1dd4 [ 7CFE36AF06E9C0984021796EDC8AC207, 5EA4CFA26D7FC39081C02FCE08BDDFD7FED144D16CC08201671543D4B7D8EA10 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 22:13:07.0391 0x1dd4 LENOVO.MICMUTE - ok 22:13:07.0422 0x1dd4 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 22:13:07.0454 0x1dd4 lenovo.smi - ok 22:13:07.0469 0x1dd4 [ 00F2E095C36199D8BF14A8E40CDBC2D0, A7E048E496056E7554F9BB2CA71374820821371F39D5BE22C88285D412E2FCBE ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 22:13:07.0485 0x1dd4 LENOVO.TPKNRSVC - ok 22:13:07.0500 0x1dd4 [ 6F2CC57EB5836D2AC9BD37F3554D55F8, C877F63AACA68AD3505EC4A8B8916FA2E07C2CB29E74FA368A103F612E18499E ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 22:13:07.0516 0x1dd4 Lenovo.VIRTSCRLSVC - ok 22:13:07.0547 0x1dd4 [ 606DA892A53FA863B67F8D3F8FF016A0, FB026285C07C8A77C1702698E40C2EA694B054C35C62E45C9A5C498BC94BAD49 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys 22:13:07.0578 0x1dd4 LenovoRd - ok 22:13:07.0610 0x1dd4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:13:07.0672 0x1dd4 lltdio - ok 22:13:07.0703 0x1dd4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:13:07.0781 0x1dd4 lltdsvc - ok 22:13:07.0797 0x1dd4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:13:07.0859 0x1dd4 lmhosts - ok 22:13:07.0953 0x1dd4 [ 713B289020B0C72DBAE93EB1EC79B28B, D15713E72D22D183C4AF7B75E74AF3F82F946C7B2AA841DB2B49D88FEF7C5853 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:13:07.0984 0x1dd4 LMS - ok 22:13:08.0156 0x1dd4 [ 28B3A0275E6ADFA126874DD56C5A67E0, B7FCC23A8C4F7BC93AB9C7AC200A11AD9DA5A8ED1577B0F6C1013A7E2DA0F463 ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe 22:13:08.0234 0x1dd4 LSCWinService - ok 22:13:08.0265 0x1dd4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:13:08.0296 0x1dd4 LSI_FC - ok 22:13:08.0327 0x1dd4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:13:08.0343 0x1dd4 LSI_SAS - ok 22:13:08.0374 0x1dd4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:13:08.0390 0x1dd4 LSI_SAS2 - ok 22:13:08.0405 0x1dd4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:13:08.0436 0x1dd4 LSI_SCSI - ok 22:13:08.0452 0x1dd4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 22:13:08.0530 0x1dd4 luafv - ok 22:13:09.0981 0x1dd4 [ 0CC0E238C431F699C13FD47202B7E265, A2FE971BC708FBE5C384AC9C7FD83899F2EE4456C2974A36E89FF28210893B59 ] MacheenService C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe 22:13:09.0996 0x1dd4 MacheenService - ok 22:13:10.0043 0x1dd4 [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20, 9A72B2FAE2E39D1F7E73DD55888D30AAE46BDC5294A5EA558AF00CABF1C20D5B ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys 22:13:10.0074 0x1dd4 Mbm3CBus - ok 22:13:10.0106 0x1dd4 [ 01E60917101B309E15F30DA26ACF64F6, 141BBBCA6A2E20A1AF242483F98E03401A956C691177EBCC1946D87736B42D59 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 22:13:10.0137 0x1dd4 Mbm3DevMt - ok 22:13:10.0152 0x1dd4 [ 6350A2CA21FB7B14432EFFDC61863AED, C2C051E155455AD57219C1E8689B51D736FB50876BE10F3770B0560BF27C538B ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 22:13:10.0168 0x1dd4 Mbm3mdfl - ok 22:13:10.0199 0x1dd4 [ 9FC3A8713D148E15D0472E1C44DD0FDA, A36FF9787477E7D1F9C202B7D87A701114B76B6A796A89D6D199D351CC040622 ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 22:13:10.0230 0x1dd4 Mbm3Mdm - ok 22:13:10.0262 0x1dd4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:13:10.0308 0x1dd4 Mcx2Svc - ok 22:13:10.0371 0x1dd4 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 22:13:10.0386 0x1dd4 MDM - ok 22:13:10.0402 0x1dd4 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 22:13:10.0418 0x1dd4 mdmxsdk - ok 22:13:10.0449 0x1dd4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 22:13:10.0464 0x1dd4 megasas - ok 22:13:10.0511 0x1dd4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:13:10.0542 0x1dd4 MegaSR - ok 22:13:10.0558 0x1dd4 [ 6EA2F13DEAF130753F6FC19AFFFF94A8, ADA5BA2DBCD58372918FD278834B2E13FE0F73E200A2E747AB7B123C31E46825 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:13:10.0574 0x1dd4 MEIx64 - ok 22:13:10.0589 0x1dd4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 22:13:10.0667 0x1dd4 MMCSS - ok 22:13:10.0683 0x1dd4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 22:13:10.0745 0x1dd4 Modem - ok 22:13:10.0776 0x1dd4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:13:10.0823 0x1dd4 monitor - ok 22:13:10.0854 0x1dd4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:13:10.0870 0x1dd4 mouclass - ok 22:13:10.0870 0x1dd4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\drivers\mouhid.sys 22:13:10.0901 0x1dd4 mouhid - ok 22:13:10.0917 0x1dd4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:13:10.0932 0x1dd4 mountmgr - ok 22:13:10.0995 0x1dd4 [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:13:11.0010 0x1dd4 MozillaMaintenance - ok 22:13:11.0073 0x1dd4 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 22:13:11.0104 0x1dd4 MpFilter - ok 22:13:11.0135 0x1dd4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 22:13:11.0151 0x1dd4 mpio - ok 22:13:11.0229 0x1dd4 MpKsl76dc7dea - ok 22:13:11.0260 0x1dd4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:13:11.0322 0x1dd4 mpsdrv - ok 22:13:11.0369 0x1dd4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:13:11.0478 0x1dd4 MpsSvc - ok 22:13:11.0525 0x1dd4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:13:11.0572 0x1dd4 MRxDAV - ok 22:13:11.0603 0x1dd4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:13:11.0666 0x1dd4 mrxsmb - ok 22:13:11.0697 0x1dd4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:13:11.0744 0x1dd4 mrxsmb10 - ok 22:13:11.0775 0x1dd4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:13:11.0806 0x1dd4 mrxsmb20 - ok 22:13:11.0837 0x1dd4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 22:13:11.0853 0x1dd4 msahci - ok 22:13:11.0884 0x1dd4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:13:11.0915 0x1dd4 msdsm - ok 22:13:11.0931 0x1dd4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 22:13:11.0962 0x1dd4 MSDTC - ok 22:13:11.0993 0x1dd4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:13:12.0071 0x1dd4 Msfs - ok 22:13:12.0087 0x1dd4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:13:12.0134 0x1dd4 mshidkmdf - ok 22:13:12.0149 0x1dd4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:13:12.0165 0x1dd4 msisadrv - ok 22:13:12.0212 0x1dd4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:13:12.0274 0x1dd4 MSiSCSI - ok 22:13:12.0274 0x1dd4 msiserver - ok 22:13:12.0305 0x1dd4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:13:12.0352 0x1dd4 MSKSSRV - ok 22:13:12.0430 0x1dd4 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 22:13:12.0446 0x1dd4 MsMpSvc - ok 22:13:12.0461 0x1dd4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:13:12.0524 0x1dd4 MSPCLOCK - ok 22:13:12.0539 0x1dd4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:13:12.0617 0x1dd4 MSPQM - ok 22:13:12.0648 0x1dd4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:13:12.0680 0x1dd4 MsRPC - ok 22:13:12.0695 0x1dd4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:13:12.0711 0x1dd4 mssmbios - ok 22:13:12.0726 0x1dd4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:13:12.0773 0x1dd4 MSTEE - ok 22:13:12.0789 0x1dd4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:13:12.0836 0x1dd4 MTConfig - ok 22:13:12.0851 0x1dd4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 22:13:12.0867 0x1dd4 Mup - ok 22:13:12.0914 0x1dd4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 22:13:12.0992 0x1dd4 napagent - ok 22:13:13.0038 0x1dd4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:13:13.0070 0x1dd4 NativeWifiP - ok 22:13:13.0163 0x1dd4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 22:13:13.0226 0x1dd4 NDIS - ok 22:13:13.0241 0x1dd4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:13:13.0304 0x1dd4 NdisCap - ok 22:13:13.0335 0x1dd4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:13:13.0397 0x1dd4 NdisTapi - ok 22:13:13.0413 0x1dd4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:13:13.0491 0x1dd4 Ndisuio - ok 22:13:13.0522 0x1dd4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:13:13.0584 0x1dd4 NdisWan - ok 22:13:13.0584 0x1dd4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:13:13.0662 0x1dd4 NDProxy - ok 22:13:13.0678 0x1dd4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:13:13.0756 0x1dd4 NetBIOS - ok 22:13:13.0772 0x1dd4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:13:13.0850 0x1dd4 NetBT - ok 22:13:13.0881 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 22:13:13.0896 0x1dd4 Netlogon - ok 22:13:13.0943 0x1dd4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 22:13:14.0037 0x1dd4 Netman - ok 22:13:14.0130 0x1dd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:13:14.0146 0x1dd4 NetMsmqActivator - ok 22:13:14.0162 0x1dd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:13:14.0193 0x1dd4 NetPipeActivator - ok 22:13:14.0224 0x1dd4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 22:13:14.0302 0x1dd4 netprofm - ok 22:13:14.0318 0x1dd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:13:14.0349 0x1dd4 NetTcpActivator - ok 22:13:14.0364 0x1dd4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:13:14.0380 0x1dd4 NetTcpPortSharing - ok 22:13:14.0770 0x1dd4 [ 5D262402B0634C998F8CBCEAD7DD8676, 535C869C4522B012A7FB600382D46D6E5F242C18F28590FD26A918648B19EDFD ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 22:13:15.0207 0x1dd4 NETwNs64 - ok 22:13:15.0254 0x1dd4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:13:15.0269 0x1dd4 nfrd960 - ok 22:13:15.0316 0x1dd4 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 22:13:15.0347 0x1dd4 NisDrv - ok 22:13:15.0378 0x1dd4 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 22:13:15.0410 0x1dd4 NisSrv - ok 22:13:15.0456 0x1dd4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:13:15.0519 0x1dd4 NlaSvc - ok 22:13:15.0534 0x1dd4 nmwcd - ok 22:13:15.0534 0x1dd4 nmwcdc - ok 22:13:15.0550 0x1dd4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:13:15.0612 0x1dd4 Npfs - ok 22:13:15.0659 0x1dd4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 22:13:15.0722 0x1dd4 nsi - ok 22:13:15.0753 0x1dd4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:13:15.0800 0x1dd4 nsiproxy - ok 22:13:15.0924 0x1dd4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:13:16.0002 0x1dd4 Ntfs - ok 22:13:16.0018 0x1dd4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 22:13:16.0080 0x1dd4 Null - ok 22:13:16.0112 0x1dd4 [ 69FCDECD0215195261EC5362AB4A1520, B1B1DBACC4641AC4A4520CDE736074468BC9B5605BD5DFB140D946A0DF810F08 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 22:13:16.0158 0x1dd4 nusb3hub - ok 22:13:16.0205 0x1dd4 [ F813EA99DA158FB4079622D882873D63, 243DE756315C8652718871AB499DC3AEBA2A48438706CA37B3C46B02ED6DFF63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 22:13:16.0252 0x1dd4 nusb3xhc - ok 22:13:16.0314 0x1dd4 [ DC933C28D5A1595B042863F6A61ED86E, F71D9C24F9FF617ECC861419C077353D9464F17B3524582F4FA989951F51747F ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 22:13:16.0346 0x1dd4 nvkflt - ok 22:13:16.0860 0x1dd4 [ A51F78816F7F4B5862D9F6E0E0E588C4, 7634A83B60E7496651299690D766EA7AFF185437D3173D10D093ED71D2C13270 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:13:17.0344 0x1dd4 nvlddmkm - ok 22:13:17.0438 0x1dd4 [ 88EE7DDE10562A71D995C37F88220281, 4C53B770C153AAD6C1BB27F5D738E94DCB6E1D3CB81615BECE30401B44BAD9E8 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 22:13:17.0469 0x1dd4 nvpciflt - ok 22:13:17.0484 0x1dd4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:13:17.0516 0x1dd4 nvraid - ok 22:13:17.0531 0x1dd4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:13:17.0562 0x1dd4 nvstor - ok 22:13:17.0625 0x1dd4 [ 5DCB3AE42B3430EDAC80A42BB9BADEB6, FA57B03D10B6BB50D878F4720E30D3753622A711A6DF990FFA8875E409C4678A ] NVSvc C:\Windows\system32\nvvsvc.exe 22:13:17.0672 0x1dd4 NVSvc - ok 22:13:17.0796 0x1dd4 [ 05E0B6C24F94EBEB17958385B8C2F316, CCED36F94A6EB74A8FF0BA3A8E47D16530072000ECEE33FB0A5927B8ACEA464C ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:13:17.0859 0x1dd4 nvUpdatusService - ok 22:13:17.0906 0x1dd4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:13:17.0921 0x1dd4 nv_agp - ok 22:13:18.0015 0x1dd4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:13:18.0046 0x1dd4 odserv - ok 22:13:18.0062 0x1dd4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:13:18.0108 0x1dd4 ohci1394 - ok 22:13:18.0171 0x1dd4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:13:18.0186 0x1dd4 ose - ok 22:13:18.0233 0x1dd4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:13:18.0296 0x1dd4 p2pimsvc - ok 22:13:18.0342 0x1dd4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 22:13:18.0389 0x1dd4 p2psvc - ok 22:13:18.0420 0x1dd4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 22:13:18.0452 0x1dd4 Parport - ok 22:13:18.0498 0x1dd4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:13:18.0514 0x1dd4 partmgr - ok 22:13:18.0530 0x1dd4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 22:13:18.0576 0x1dd4 PcaSvc - ok 22:13:18.0608 0x1dd4 [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 22:13:18.0670 0x1dd4 pccsmcfd - ok 22:13:18.0748 0x1dd4 [ 7317A0B550F7AC0223B7070897670476, ABB0A1296BA267467C16CF99383EFCAB1732B07EE5B2494197A26B8432DD0A94 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms 22:13:18.0764 0x1dd4 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok 22:13:18.0795 0x1dd4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 22:13:18.0810 0x1dd4 pci - ok 22:13:18.0857 0x1dd4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 22:13:18.0888 0x1dd4 pciide - ok 22:13:18.0904 0x1dd4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:13:18.0935 0x1dd4 pcmcia - ok 22:13:18.0951 0x1dd4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 22:13:18.0966 0x1dd4 pcw - ok 22:13:19.0013 0x1dd4 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:13:19.0091 0x1dd4 PEAUTH - ok 22:13:19.0185 0x1dd4 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:13:19.0294 0x1dd4 PeerDistSvc - ok 22:13:19.0356 0x1dd4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:13:19.0403 0x1dd4 PerfHost - ok 22:13:19.0450 0x1dd4 [ 18EEA095AF22AC5FA16FC27FB98C82D3, B9E7D8D7172E873650FB61604F192958E86BE51EDCD22278995F4F0441167E39 ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 22:13:19.0466 0x1dd4 PHCORE - ok 22:13:19.0559 0x1dd4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 22:13:19.0668 0x1dd4 pla - ok 22:13:19.0715 0x1dd4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:13:19.0778 0x1dd4 PlugPlay - ok 22:13:19.0809 0x1dd4 [ 0BEE791C7C7ACE453C134E73633C497D, 82B30461DBF40AC15FCE6A83B9BAD2EBD05B27DEA1B784EAA096422FE8927B7B ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 22:13:19.0824 0x1dd4 pmxdrv - ok 22:13:19.0824 0x1dd4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:13:19.0856 0x1dd4 PNRPAutoReg - ok 22:13:19.0871 0x1dd4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:13:19.0902 0x1dd4 PNRPsvc - ok 22:13:19.0949 0x1dd4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:13:20.0027 0x1dd4 PolicyAgent - ok 22:13:20.0074 0x1dd4 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll 22:13:20.0136 0x1dd4 Power - ok 22:13:20.0246 0x1dd4 [ 1DA9A7E5F1280E217DCEDD2195EDDA3A, 653BBF46666F13CD6285EEFB36F32AD3C32F42E299E9E3FA75D40240152FF07A ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 22:13:20.0324 0x1dd4 Power Manager DBC Service - ok 22:13:20.0370 0x1dd4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:13:20.0448 0x1dd4 PptpMiniport - ok 22:13:20.0464 0x1dd4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 22:13:20.0495 0x1dd4 Processor - ok 22:13:20.0542 0x1dd4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 22:13:20.0573 0x1dd4 ProfSvc - ok 22:13:20.0620 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:13:20.0651 0x1dd4 ProtectedStorage - ok 22:13:20.0682 0x1dd4 [ A70AD30223866947E39BC221DF4C2306, E1714080D6DDF966413311D8D2F7AFF57195BB681B1BE194DE2237DA7B05D7A6 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 22:13:20.0698 0x1dd4 psadd - ok 22:13:20.0714 0x1dd4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:13:20.0760 0x1dd4 Psched - ok 22:13:20.0792 0x1dd4 [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 22:13:20.0823 0x1dd4 PSI_SVC_2 - ok 22:13:20.0916 0x1dd4 [ 82C965557E0A8FE26DDF90E09F4CA3F9, A688871E45032EAC725F30FFDEB5DE3EB51B608ACD874F434584150D7BAE22F0 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 22:13:20.0994 0x1dd4 PwmEWSvc - ok 22:13:21.0088 0x1dd4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:13:21.0166 0x1dd4 ql2300 - ok 22:13:21.0197 0x1dd4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:13:21.0213 0x1dd4 ql40xx - ok 22:13:21.0244 0x1dd4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 22:13:21.0291 0x1dd4 QWAVE - ok 22:13:21.0291 0x1dd4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:13:21.0322 0x1dd4 QWAVEdrv - ok 22:13:21.0338 0x1dd4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:13:21.0384 0x1dd4 RasAcd - ok 22:13:21.0416 0x1dd4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:13:21.0478 0x1dd4 RasAgileVpn - ok 22:13:21.0494 0x1dd4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 22:13:21.0540 0x1dd4 RasAuto - ok 22:13:21.0556 0x1dd4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:13:21.0618 0x1dd4 Rasl2tp - ok 22:13:21.0634 0x1dd4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 22:13:21.0728 0x1dd4 RasMan - ok 22:13:21.0743 0x1dd4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:13:21.0821 0x1dd4 RasPppoe - ok 22:13:21.0837 0x1dd4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:13:21.0915 0x1dd4 RasSstp - ok 22:13:21.0946 0x1dd4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:13:22.0024 0x1dd4 rdbss - ok 22:13:22.0040 0x1dd4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:13:22.0086 0x1dd4 rdpbus - ok 22:13:22.0118 0x1dd4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:13:22.0164 0x1dd4 RDPCDD - ok 22:13:22.0196 0x1dd4 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:13:22.0227 0x1dd4 RDPDR - ok 22:13:22.0227 0x1dd4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:13:22.0289 0x1dd4 RDPENCDD - ok 22:13:22.0289 0x1dd4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:13:22.0367 0x1dd4 RDPREFMP - ok 22:13:22.0461 0x1dd4 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 22:13:22.0508 0x1dd4 RdpVideoMiniport - ok 22:13:22.0554 0x1dd4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:13:22.0601 0x1dd4 RDPWD - ok 22:13:22.0632 0x1dd4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:13:22.0664 0x1dd4 rdyboost - ok 22:13:22.0757 0x1dd4 [ 189C5A8D2098E0AA14FD157A954B34FC, 2549746D1C6F7FDCB632BE0E7386FA0CDDBA0EA0EC9DD88A8348A03B2C3722E0 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 22:13:22.0804 0x1dd4 RegSrvc - ok 22:13:22.0820 0x1dd4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:13:22.0898 0x1dd4 RemoteAccess - ok 22:13:22.0944 0x1dd4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:13:23.0007 0x1dd4 RemoteRegistry - ok 22:13:23.0038 0x1dd4 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 22:13:23.0069 0x1dd4 RFCOMM - ok 22:13:23.0100 0x1dd4 [ AD42432D22940B4215177BE113E4919C, BF04E1F942846B928E523727EB03BBFA83FCE535CF7C0A4E787A5CBA46D5BF8D ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 22:13:23.0132 0x1dd4 RimUsb - ok 22:13:23.0178 0x1dd4 [ 4AAFFFA67AC4DFA3D9985D78573887E2, A2A4623A1DFA3C1BF0B09390F3731AFF5616BF9E9144F5DEEAA89B37E445D834 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 22:13:23.0210 0x1dd4 RimVSerPort - ok 22:13:23.0241 0x1dd4 [ FF501F212E5D5A97F8339928320F269E, E148AD940FD274C8C5775F835C5E1FC61943BA648445C32432965B7B4AA5EA7E ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys 22:13:23.0272 0x1dd4 risdxc - ok 22:13:23.0303 0x1dd4 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 22:13:23.0350 0x1dd4 ROOTMODEM - ok 22:13:23.0381 0x1dd4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:13:23.0459 0x1dd4 RpcEptMapper - ok 22:13:23.0475 0x1dd4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 22:13:23.0522 0x1dd4 RpcLocator - ok 22:13:23.0568 0x1dd4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 22:13:23.0646 0x1dd4 RpcSs - ok 22:13:23.0662 0x1dd4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:13:23.0724 0x1dd4 rspndr - ok 22:13:23.0740 0x1dd4 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:13:23.0771 0x1dd4 s3cap - ok 22:13:23.0787 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 22:13:23.0802 0x1dd4 SamSs - ok 22:13:23.0818 0x1dd4 SAService - ok 22:13:23.0834 0x1dd4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:13:23.0849 0x1dd4 sbp2port - ok 22:13:23.0880 0x1dd4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:13:23.0943 0x1dd4 SCardSvr - ok 22:13:23.0943 0x1dd4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:13:24.0021 0x1dd4 scfilter - ok 22:13:24.0083 0x1dd4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 22:13:24.0192 0x1dd4 Schedule - ok 22:13:24.0208 0x1dd4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:13:24.0270 0x1dd4 SCPolicySvc - ok 22:13:24.0286 0x1dd4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:13:24.0317 0x1dd4 SDRSVC - ok 22:13:24.0348 0x1dd4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:13:24.0411 0x1dd4 secdrv - ok 22:13:24.0442 0x1dd4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 22:13:24.0520 0x1dd4 seclogon - ok 22:13:24.0536 0x1dd4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 22:13:24.0598 0x1dd4 SENS - ok 22:13:24.0614 0x1dd4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:13:24.0645 0x1dd4 SensrSvc - ok 22:13:24.0660 0x1dd4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 22:13:24.0707 0x1dd4 Serenum - ok 22:13:24.0723 0x1dd4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 22:13:24.0754 0x1dd4 Serial - ok 22:13:24.0770 0x1dd4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:13:24.0801 0x1dd4 sermouse - ok 22:13:24.0863 0x1dd4 [ 5BF59C6BC737BAAF541168E5CB2EC1D9, D792C95C54B9B7A5386EA75318DEF064000F3EDC48845D8EC152A4A6DB931734 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 22:13:24.0910 0x1dd4 ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:27.0578 0x1dd4 Detect skipped due to KSN trusted 22:13:27.0578 0x1dd4 ServiceLayer - ok 22:13:27.0640 0x1dd4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 22:13:27.0718 0x1dd4 SessionEnv - ok 22:13:27.0734 0x1dd4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:13:27.0780 0x1dd4 sffdisk - ok 22:13:27.0796 0x1dd4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:13:27.0827 0x1dd4 sffp_mmc - ok 22:13:27.0827 0x1dd4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:13:27.0874 0x1dd4 sffp_sd - ok 22:13:27.0905 0x1dd4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:13:27.0921 0x1dd4 sfloppy - ok 22:13:27.0983 0x1dd4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:13:28.0077 0x1dd4 SharedAccess - ok 22:13:28.0108 0x1dd4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:13:28.0186 0x1dd4 ShellHWDetection - ok 22:13:28.0217 0x1dd4 [ E2FC046D4EDABFE3B5EF7DA06406277D, DB2B2A3BE6DC85F414D969E16E8E770BB7ADFA6E44B5FA6725B76D17978DF22A ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 22:13:28.0248 0x1dd4 Shockprf - ok 22:13:28.0264 0x1dd4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 22:13:28.0280 0x1dd4 SiSRaid2 - ok 22:13:28.0295 0x1dd4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:13:28.0311 0x1dd4 SiSRaid4 - ok 22:13:28.0326 0x1dd4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:13:28.0389 0x1dd4 Smb - ok 22:13:28.0420 0x1dd4 [ C40F447162D99F6CBFC29A0B7EFE270B, 8826CEC13E5AAE763826B916143E6D3289FB75933206074DC67376B265E4C796 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 22:13:28.0436 0x1dd4 SmbDrvI - ok 22:13:28.0529 0x1dd4 [ 3BC2844AF786CA422CC31D505ACFA9F2, 38936490E2F404FC1235D8C6C7E87809E2935057041CBE884D887B0A69A47279 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 22:13:28.0545 0x1dd4 smihlp - ok 22:13:28.0576 0x1dd4 [ 3BC2844AF786CA422CC31D505ACFA9F2, 38936490E2F404FC1235D8C6C7E87809E2935057041CBE884D887B0A69A47279 ] smihlp2 C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 22:13:28.0607 0x1dd4 smihlp2 - ok 22:13:28.0638 0x1dd4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:13:28.0670 0x1dd4 SNMPTRAP - ok 22:13:28.0685 0x1dd4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 22:13:28.0701 0x1dd4 spldr - ok 22:13:28.0763 0x1dd4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 22:13:28.0841 0x1dd4 Spooler - ok 22:13:29.0013 0x1dd4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 22:13:29.0247 0x1dd4 sppsvc - ok 22:13:29.0278 0x1dd4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:13:29.0340 0x1dd4 sppuinotify - ok 22:13:29.0418 0x1dd4 [ C8832DEA7AF7AD005548F1F5C7C086EB, 0D3DA9CE653D7750647BF50658B731E986AFDC7477C08B794FF12C5A485B4648 ] SROSVC C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe 22:13:29.0450 0x1dd4 SROSVC - ok 22:13:29.0496 0x1dd4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:13:29.0559 0x1dd4 srv - ok 22:13:29.0606 0x1dd4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:13:29.0652 0x1dd4 srv2 - ok 22:13:29.0699 0x1dd4 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 22:13:29.0730 0x1dd4 SrvHsfHDA - ok 22:13:29.0808 0x1dd4 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 22:13:29.0902 0x1dd4 SrvHsfV92 - ok 22:13:29.0949 0x1dd4 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 22:13:30.0011 0x1dd4 SrvHsfWinac - ok 22:13:30.0058 0x1dd4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:13:30.0089 0x1dd4 srvnet - ok 22:13:30.0120 0x1dd4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:13:30.0198 0x1dd4 SSDPSRV - ok 22:13:30.0214 0x1dd4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:13:30.0276 0x1dd4 SstpSvc - ok 22:13:30.0370 0x1dd4 [ 845305743E0F7DB9B3A9AC1F49C635F1, 042B1667DF7A09F0845024C878D60272078BC4F1781D98A3C9E01653FE06BB03 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:13:30.0401 0x1dd4 Stereo Service - ok 22:13:30.0417 0x1dd4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 22:13:30.0432 0x1dd4 stexstor - ok 22:13:30.0479 0x1dd4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 22:13:30.0526 0x1dd4 stisvc - ok 22:13:30.0557 0x1dd4 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:13:30.0573 0x1dd4 storflt - ok 22:13:30.0588 0x1dd4 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 22:13:30.0604 0x1dd4 StorSvc - ok 22:13:30.0635 0x1dd4 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:13:30.0651 0x1dd4 storvsc - ok 22:13:30.0666 0x1dd4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:13:30.0682 0x1dd4 swenum - ok 22:13:30.0729 0x1dd4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 22:13:30.0807 0x1dd4 swprv - ok 22:13:30.0869 0x1dd4 [ BBF351BB2726CBE6DB12CE8D5B052210, 97F3CCEEC910375A42E5DEA932033BB08BCB012513EE5285FE0E6E99727655F4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:13:30.0900 0x1dd4 SynTP - ok 22:13:30.0994 0x1dd4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 22:13:31.0103 0x1dd4 SysMain - ok 22:13:31.0134 0x1dd4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:13:31.0181 0x1dd4 TabletInputService - ok 22:13:31.0212 0x1dd4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 22:13:31.0290 0x1dd4 TapiSrv - ok 22:13:31.0322 0x1dd4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 22:13:31.0384 0x1dd4 TBS - ok 22:13:31.0509 0x1dd4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:13:31.0602 0x1dd4 Tcpip - ok 22:13:31.0727 0x1dd4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:13:31.0821 0x1dd4 TCPIP6 - ok 22:13:31.0868 0x1dd4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:13:31.0899 0x1dd4 tcpipreg - ok 22:13:31.0914 0x1dd4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:13:31.0961 0x1dd4 TDPIPE - ok 22:13:31.0977 0x1dd4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:13:32.0024 0x1dd4 TDTCP - ok 22:13:32.0055 0x1dd4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:13:32.0133 0x1dd4 tdx - ok 22:13:32.0148 0x1dd4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:13:32.0164 0x1dd4 TermDD - ok 22:13:32.0242 0x1dd4 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll 22:13:32.0289 0x1dd4 TermService - ok 22:13:32.0320 0x1dd4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 22:13:32.0351 0x1dd4 Themes - ok 22:13:32.0460 0x1dd4 [ D3504242E506AF450C0A30E79363097C, BCA70455400ECDF3E0DEFCD28052910C6DEA5212C9980121F37F278DEA9C1B45 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe 22:13:32.0538 0x1dd4 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:35.0924 0x1dd4 Detect skipped due to KSN trusted 22:13:35.0924 0x1dd4 ThinkVantage Registry Monitor Service - ok 22:13:35.0986 0x1dd4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 22:13:36.0048 0x1dd4 THREADORDER - ok 22:13:36.0064 0x1dd4 [ 55B7FE3E1D3B616BDC4E9EA48D92D6E6, 6FB582C4BC0093A585942FB510B40C2222AF477A1D8DC22C3B3ACB3B83A9B31E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 22:13:36.0080 0x1dd4 TPDIGIMN - ok 22:13:36.0111 0x1dd4 [ F0684C62ED8FD3061CD488ECFC851022, 0F22F355C468512B25ED7BC3826146DCAA51BBC58EA59175EF911EFF91F3E363 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 22:13:36.0126 0x1dd4 TPHDEXLGSVC - ok 22:13:36.0189 0x1dd4 [ 8A1CAB578B61DD178A505B951229E6D7, ECA0E264F47638044DDE226A4C899299B651523AE91F44ECE496C0E3DC2F78A5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 22:13:36.0204 0x1dd4 TPHKLOAD - ok 22:13:36.0220 0x1dd4 [ 5B62F45C87CC0FB176C5358EEA6CFB4C, D3ED391278AE0F26BCF947057E63DD0CCA4FAD9D15C23D34E14A1F34571DAC77 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 22:13:36.0236 0x1dd4 TPHKSVC - ok 22:13:36.0267 0x1dd4 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys 22:13:36.0282 0x1dd4 TPM - ok 22:13:36.0314 0x1dd4 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 22:13:36.0329 0x1dd4 TPPWRIF - ok 22:13:36.0376 0x1dd4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 22:13:36.0438 0x1dd4 TrkWks - ok 22:13:36.0485 0x1dd4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:13:36.0563 0x1dd4 TrustedInstaller - ok 22:13:36.0610 0x1dd4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:13:36.0626 0x1dd4 tssecsrv - ok 22:13:36.0672 0x1dd4 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:13:36.0719 0x1dd4 TsUsbFlt - ok 22:13:36.0750 0x1dd4 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 22:13:36.0782 0x1dd4 TsUsbGD - ok 22:13:36.0813 0x1dd4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:13:36.0875 0x1dd4 tunnel - ok 22:13:36.0984 0x1dd4 [ C9859779F9C29AADFBF454B7605452E6, 1118F32337165C2E707A311D1EE3B8A07DB4447E2D835C621A6D928ABFF963A8 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe 22:13:37.0062 0x1dd4 TVT Backup Service - ok 22:13:37.0094 0x1dd4 [ 4DAAE0413CD4E816258838E2FAFB3147, 7D45621A0148C2EEA4302A5852D9407DCEF1947936E9E840788F01625E869CDD ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys 22:13:37.0109 0x1dd4 TVTI2C - ok 22:13:37.0125 0x1dd4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:13:37.0140 0x1dd4 uagp35 - ok 22:13:37.0187 0x1dd4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:13:37.0265 0x1dd4 udfs - ok 22:13:37.0296 0x1dd4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:13:37.0312 0x1dd4 UI0Detect - ok 22:13:37.0374 0x1dd4 [ BE788A747457E6916586C410EC0111E7, 525F9065270AF40FED854C5B3C7E690783F5169C2F9286EE225F6C817ED1E237 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 22:13:37.0374 0x1dd4 UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:40.0245 0x1dd4 Detect skipped due to KSN trusted 22:13:40.0245 0x1dd4 UleadBurningHelper - ok 22:13:40.0260 0x1dd4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:13:40.0292 0x1dd4 uliagpkx - ok 22:13:40.0307 0x1dd4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:13:40.0354 0x1dd4 umbus - ok 22:13:40.0370 0x1dd4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 22:13:40.0385 0x1dd4 UmPass - ok 22:13:40.0401 0x1dd4 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 22:13:40.0448 0x1dd4 UmRdpService - ok 22:13:40.0650 0x1dd4 [ F0EDD898A6B56C69BD92A06146E8ED98, 624D8F84E9FD82A852C9884A80381814A8D4880D19A53E71B64B1A2E388ADF25 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 22:13:40.0775 0x1dd4 UNS - ok 22:13:40.0806 0x1dd4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 22:13:40.0900 0x1dd4 upnphost - ok 22:13:40.0931 0x1dd4 upperdev - ok 22:13:40.0947 0x1dd4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:13:40.0962 0x1dd4 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:43.0692 0x1dd4 Detect skipped due to KSN trusted 22:13:43.0692 0x1dd4 USBAAPL64 - ok 22:13:43.0755 0x1dd4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:13:43.0802 0x1dd4 usbccgp - ok 22:13:43.0848 0x1dd4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:13:43.0911 0x1dd4 usbcir - ok 22:13:43.0958 0x1dd4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 22:13:43.0989 0x1dd4 usbehci - ok 22:13:44.0036 0x1dd4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:13:44.0067 0x1dd4 usbhub - ok 22:13:44.0098 0x1dd4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:13:44.0145 0x1dd4 usbohci - ok 22:13:44.0192 0x1dd4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:13:44.0223 0x1dd4 usbprint - ok 22:13:44.0285 0x1dd4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:13:44.0332 0x1dd4 usbscan - ok 22:13:44.0363 0x1dd4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:13:44.0410 0x1dd4 USBSTOR - ok 22:13:44.0457 0x1dd4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:13:44.0472 0x1dd4 usbuhci - ok 22:13:44.0535 0x1dd4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:13:44.0582 0x1dd4 usbvideo - ok 22:13:44.0597 0x1dd4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 22:13:44.0660 0x1dd4 UxSms - ok 22:13:44.0691 0x1dd4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 22:13:44.0706 0x1dd4 VaultSvc - ok 22:13:44.0738 0x1dd4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:13:44.0753 0x1dd4 vdrvroot - ok 22:13:44.0784 0x1dd4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 22:13:44.0878 0x1dd4 vds - ok 22:13:44.0909 0x1dd4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:13:44.0940 0x1dd4 vga - ok 22:13:44.0940 0x1dd4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:13:45.0003 0x1dd4 VgaSave - ok 22:13:45.0018 0x1dd4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:13:45.0050 0x1dd4 vhdmp - ok 22:13:45.0096 0x1dd4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 22:13:45.0112 0x1dd4 viaide - ok 22:13:45.0128 0x1dd4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:13:45.0159 0x1dd4 vmbus - ok 22:13:45.0174 0x1dd4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:13:45.0190 0x1dd4 VMBusHID - ok 22:13:45.0206 0x1dd4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:13:45.0221 0x1dd4 volmgr - ok 22:13:45.0252 0x1dd4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:13:45.0284 0x1dd4 volmgrx - ok 22:13:45.0315 0x1dd4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:13:45.0330 0x1dd4 volsnap - ok 22:13:45.0362 0x1dd4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:13:45.0377 0x1dd4 vsmraid - ok 22:13:45.0471 0x1dd4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 22:13:45.0596 0x1dd4 VSS - ok 22:13:45.0611 0x1dd4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:13:45.0642 0x1dd4 vwifibus - ok 22:13:45.0642 0x1dd4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:13:45.0689 0x1dd4 vwififlt - ok 22:13:45.0736 0x1dd4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:13:45.0767 0x1dd4 vwifimp - ok 22:13:45.0814 0x1dd4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 22:13:45.0892 0x1dd4 W32Time - ok 22:13:45.0908 0x1dd4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:13:45.0923 0x1dd4 WacomPen - ok 22:13:45.0954 0x1dd4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:13:46.0017 0x1dd4 WANARP - ok 22:13:46.0048 0x1dd4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:13:46.0095 0x1dd4 Wanarpv6 - ok 22:13:46.0173 0x1dd4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 22:13:46.0298 0x1dd4 wbengine - ok 22:13:46.0329 0x1dd4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:13:46.0360 0x1dd4 WbioSrvc - ok 22:13:46.0391 0x1dd4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:13:46.0454 0x1dd4 wcncsvc - ok 22:13:46.0469 0x1dd4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:13:46.0532 0x1dd4 WcsPlugInService - ok 22:13:46.0547 0x1dd4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 22:13:46.0563 0x1dd4 Wd - ok 22:13:46.0641 0x1dd4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:13:46.0688 0x1dd4 Wdf01000 - ok 22:13:46.0719 0x1dd4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:13:46.0828 0x1dd4 WdiServiceHost - ok 22:13:46.0844 0x1dd4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:13:46.0875 0x1dd4 WdiSystemHost - ok 22:13:46.0906 0x1dd4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 22:13:46.0953 0x1dd4 WebClient - ok 22:13:47.0078 0x1dd4 [ 507D80C0ACCC3B4FC123BD99D0AF3F97, 09AF6BBAFEA01B0A108C2EFE019F3D8ACA89C2C9D2DEB5F7E83F4E9971BAD338 ] WebUpdate4 C:\Windows\SysWOW64\WebUpdateSvc4.exe 22:13:47.0093 0x1dd4 WebUpdate4 - ok 22:13:47.0124 0x1dd4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:13:47.0202 0x1dd4 Wecsvc - ok 22:13:47.0218 0x1dd4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:13:47.0280 0x1dd4 wercplsupport - ok 22:13:47.0312 0x1dd4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 22:13:47.0358 0x1dd4 WerSvc - ok 22:13:47.0390 0x1dd4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:13:47.0436 0x1dd4 WfpLwf - ok 22:13:47.0452 0x1dd4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:13:47.0468 0x1dd4 WIMMount - ok 22:13:47.0530 0x1dd4 [ 1EDBBF412A382550AF6EB35F5E46928E, 23FC32929913CF784A78C334D0B0E9D812EA6BDF70BB5C993DDE492CBEE8265E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys 22:13:47.0577 0x1dd4 winachsf - ok 22:13:47.0608 0x1dd4 WinDefend - ok 22:13:47.0624 0x1dd4 WinHttpAutoProxySvc - ok 22:13:47.0686 0x1dd4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:13:47.0748 0x1dd4 Winmgmt - ok 22:13:47.0858 0x1dd4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 22:13:48.0029 0x1dd4 WinRM - ok 22:13:48.0076 0x1dd4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 22:13:48.0092 0x1dd4 WinUsb - ok 22:13:48.0154 0x1dd4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:13:48.0216 0x1dd4 Wlansvc - ok 22:13:48.0279 0x1dd4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:13:48.0294 0x1dd4 wlcrasvc - ok 22:13:48.0435 0x1dd4 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:13:48.0560 0x1dd4 wlidsvc - ok 22:13:48.0591 0x1dd4 WMCoreService - ok 22:13:48.0606 0x1dd4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:13:48.0622 0x1dd4 WmiAcpi - ok 22:13:48.0653 0x1dd4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:13:48.0700 0x1dd4 wmiApSrv - ok 22:13:48.0747 0x1dd4 WMPNetworkSvc - ok 22:13:48.0762 0x1dd4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:13:48.0794 0x1dd4 WPCSvc - ok 22:13:48.0809 0x1dd4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:13:48.0856 0x1dd4 WPDBusEnum - ok 22:13:48.0872 0x1dd4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:13:48.0950 0x1dd4 ws2ifsl - ok 22:13:48.0965 0x1dd4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 22:13:49.0028 0x1dd4 wscsvc - ok 22:13:49.0028 0x1dd4 WSearch - ok 22:13:49.0184 0x1dd4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 22:13:49.0308 0x1dd4 wuauserv - ok 22:13:49.0355 0x1dd4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:13:49.0433 0x1dd4 WudfPf - ok 22:13:49.0464 0x1dd4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:13:49.0496 0x1dd4 WUDFRd - ok 22:13:49.0542 0x1dd4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:13:49.0574 0x1dd4 wudfsvc - ok 22:13:49.0620 0x1dd4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 22:13:49.0683 0x1dd4 WwanSvc - ok 22:13:49.0745 0x1dd4 [ 63DD9FFD416D66959C9DA57D8B001531, 3DB6C38B698565F9DAD0680D8E9BF3CE285E4298307E81918FF21F509E32CF0D ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp64.sys 22:13:49.0761 0x1dd4 WwanUsbServ - ok 22:13:49.0776 0x1dd4 [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys 22:13:49.0792 0x1dd4 XAudio - ok 22:13:49.0823 0x1dd4 ================ Scan global =============================== 22:13:49.0839 0x1dd4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 22:13:49.0870 0x1dd4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 22:13:49.0901 0x1dd4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 22:13:49.0932 0x1dd4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 22:13:49.0964 0x1dd4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 22:13:49.0979 0x1dd4 [ Global ] - ok 22:13:49.0979 0x1dd4 ================ Scan MBR ================================== 22:13:49.0995 0x1dd4 [ 64D7BED8676774A49DA5E8B37D00B888 ] \Device\Harddisk0\DR0 22:13:50.0354 0x1dd4 \Device\Harddisk0\DR0 - ok 22:13:50.0354 0x1dd4 ================ Scan VBR ================================== 22:13:50.0354 0x1dd4 [ 5064D617B4E9E008DEB15C92A5DF25B8 ] \Device\Harddisk0\DR0\Partition1 22:13:50.0369 0x1dd4 \Device\Harddisk0\DR0\Partition1 - ok 22:13:50.0369 0x1dd4 [ 536E874457FD461914C74DE0FC3B3F20 ] \Device\Harddisk0\DR0\Partition2 22:13:50.0369 0x1dd4 \Device\Harddisk0\DR0\Partition2 - ok 22:13:50.0385 0x1dd4 [ 040618F30A596D25369BBCA5DF527FEC ] \Device\Harddisk0\DR0\Partition3 22:13:50.0385 0x1dd4 \Device\Harddisk0\DR0\Partition3 - ok 22:13:50.0385 0x1dd4 ================ Scan generic autorun ====================== 22:13:50.0432 0x1dd4 [ 3B46C768A26D33F867B1A3D06C281A8A, 5E04D008892BA2EEB1009E9CEA9EC62E1783BD1C12B4C84F94371600821363D8 ] C:\Windows\system32\TpShocks.exe 22:13:50.0463 0x1dd4 TpShocks - ok 22:13:50.0510 0x1dd4 [ 4ACF6E956AADC3CE28743E0419076A13, 797D462CD103BB4AB4F46D0F29BFC3B68DCEFD253BC96C86920627038FEF9E7B ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe 22:13:50.0525 0x1dd4 SmartAudio - ok 22:13:50.0556 0x1dd4 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 22:13:50.0572 0x1dd4 ForteConfig - ok 22:13:50.0619 0x1dd4 [ 084F1404AE15651DF5F5246C2E3D5569, 52212D1CBDDE9B5C5210216094EEB0D7AF8B85CE7A61690023F24A43338AC0C0 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe 22:13:50.0634 0x1dd4 LENOVO.TPKNRRES - ok 22:13:50.0681 0x1dd4 [ 1D89A66C922883E1A1A7BA83DCA8EED9, 1843841275B07F9F3F71C13FC305A7DCC844E705E483150D699DC7FE188B9CCC ] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE 22:13:50.0712 0x1dd4 ALCKRESI.EXE - ok 22:13:50.0790 0x1dd4 [ B0C52A038B318257412437F99406D39F, 6ABCEB2AC7883CE97C24394A4F113DE13F717ED80B94FAEBCE8BE1A5FE3BD7D2 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe 22:13:50.0806 0x1dd4 AcWin7Hlpr - ok 22:13:50.0931 0x1dd4 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe 22:13:51.0009 0x1dd4 MSC - ok 22:13:51.0071 0x1dd4 [ 138CD5C7641C8229AB2EE904105C65F2, 13895AF37BAABC3443065E2A1236407938F0514A564808AEBBAB17DC8BD275BA ] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe 22:13:51.0087 0x1dd4 PSQLLauncher - ok 22:13:51.0118 0x1dd4 [ 609617A22E765492C54D8BB438D61B23, 3C28D4B2929D88CB4D3595049F4F740A33E1A92215AC8DF0E481CCB558F0617F ] C:\Windows\system32\igfxtray.exe 22:13:51.0149 0x1dd4 IgfxTray - ok 22:13:51.0180 0x1dd4 [ 23177B5ED7BA205D2DACD7709E606BBB, CE35E9E348F8018B1153A287C298F9C79E8893E53EFF4E394D322991B5232685 ] C:\Windows\system32\hkcmd.exe 22:13:51.0212 0x1dd4 HotKeysCmds - ok 22:13:51.0243 0x1dd4 [ D16EADD5B8072DF424A23C12D41A3433, 714D45563A051317A21016E5C85B4BAA536C594D83E008C4CADD4F2EE8F50C83 ] C:\Windows\system32\igfxpers.exe 22:13:51.0274 0x1dd4 Persistence - ok 22:13:51.0274 0x1dd4 SynTPEnh - ok 22:13:51.0274 0x1dd4 PWMTRV - ok 22:13:51.0368 0x1dd4 [ CDB517386A26AE420CB24BDB3CD88779, BAF1EEA0B69A969E0641AAF371BAF51A130D2BAB91C6388F7F60C8904C463EE6 ] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe 22:13:51.0383 0x1dd4 RIMBBLaunchAgent.exe - ok 22:13:51.0477 0x1dd4 [ 616954748C2F28D653C7BAE814CA51FD, D75E46D978E42C2E7041206B18591EDAF700AD27077AE4D1D76E2857A4A77BF8 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 22:13:51.0524 0x1dd4 avgnt - ok 22:13:51.0555 0x1dd4 SearchProtection - ok 22:13:51.0664 0x1dd4 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 22:13:51.0711 0x1dd4 Adobe ARM - ok 22:13:51.0742 0x1dd4 [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Adminsas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 22:13:51.0758 0x1dd4 NUSB3MON - ok 22:13:51.0804 0x1dd4 [ 0307536FD43CC7BFB92F9DAC8DB913F1, 6C8BEDA4ADFBEF28E647B39B3EEA37A20BFE5C93C7EDA79471EFB46156197843 ] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe 22:13:51.0836 0x1dd4 RotateImage - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:54.0612 0x1dd4 Detect skipped due to KSN trusted 22:13:54.0612 0x1dd4 RotateImage - ok 22:13:54.0706 0x1dd4 [ 7BBA18CEF2B7213CF1D123AE17A9DA89, A0C2C8C0058AA600840608BD4F9D16390EE818E1B2F655482734B874655A17F5 ] C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe 22:13:54.0737 0x1dd4 MobileAccess - ok 22:13:54.0784 0x1dd4 [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 22:13:54.0815 0x1dd4 iTunesHelper - ok 22:13:54.0862 0x1dd4 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 22:13:54.0893 0x1dd4 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:57.0686 0x1dd4 Detect skipped due to KSN trusted 22:13:57.0686 0x1dd4 QuickTime Task - ok 22:13:57.0779 0x1dd4 [ 5909C378DF9132FC91F50AF70A53455A, E13CE76ABAFA459BFDB4B7806E73BF57217D0800206FC24805E66573F3670604 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 22:13:57.0795 0x1dd4 Avira Systray - ok 22:13:57.0873 0x1dd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:13:57.0982 0x1dd4 Sidebar - ok 22:13:57.0998 0x1dd4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:13:58.0044 0x1dd4 mctadmin - ok 22:13:58.0122 0x1dd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:13:58.0200 0x1dd4 Sidebar - ok 22:13:58.0216 0x1dd4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:13:58.0247 0x1dd4 mctadmin - ok 22:13:58.0310 0x1dd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:13:58.0388 0x1dd4 Sidebar - ok 22:13:58.0403 0x1dd4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:13:58.0434 0x1dd4 mctadmin - ok 22:13:58.0466 0x1dd4 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 22:13:58.0497 0x1dd4 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 22:13:58.0497 0x1dd4 Detect skipped due to KSN trusted 22:13:58.0497 0x1dd4 QuickTime Task - ok 22:13:58.0497 0x1dd4 Waiting for KSN requests completion. In queue: 90 22:13:59.0511 0x1dd4 Waiting for KSN requests completion. In queue: 90 22:14:00.0525 0x1dd4 Waiting for KSN requests completion. In queue: 7 22:14:01.0554 0x1dd4 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.310 ), 0x41000 ( enabled : updated ) 22:14:01.0554 0x1dd4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated ) 22:14:01.0570 0x1dd4 Win FW state via NFP2: enabled 22:14:04.0253 0x1dd4 |
11.11.2014, 22:18 | #6 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen ============================================================ 22:14:04.0253 0x1dd4 Scan finished 22:14:04.0253 0x1dd4 ============================================================ 22:14:04.0253 0x0318 Detected object count: 0 22:14:04.0253 0x0318 Actual detected object count: 0 22:14:15.0002 0x1ce0 Deinitialize success Hi Schrauber, der Log war zu lang. Daher hab ich den in 3 Teilen gepostet. Hoffe, das ist ok?!? Der Scan hat nichts gefunden. |
12.11.2014, 19:17 | #7 |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangenSo funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.11.2014, 12:25 | #8 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hallo Schrauber, hier die entsprechenden Logs. MBAM Log Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.11.2014 Suchlauf-Zeit: 18:21:44 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.13.06 Rootkit Datenbank: v2014.11.12.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 432480 Verstrichene Zeit: 33 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 13/11/2014 um 19:25:08 # Aktualisiert 09/11/2014 von Xplode # Database : 2014-11-12.2 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Admin - ADMIN-THINK # Gestartet von : C:\Users\Admin\Desktop\AdwCleaner_4.101.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Search Protection Ordner Gelöscht : C:\ProgramData\SecTaskMan Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\Appupdater Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\OCS Datei Gelöscht : C:\Users\Admin\Favorites\Startfenster.lnk Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Admin\Desktop\Startfenster.lnk ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtection] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v33.1 (x86 de) [9kq2cjsy.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=717BCBDB32C44974AFB8835166AEA249&q="); -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [3194 octets] - [13/11/2014 19:20:03] AdwCleaner[S0].txt - [2619 octets] - [13/11/2014 19:25:08] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2679 octets] ########## Junkware Removal Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.7 (11.08.2014:1) OS: Windows 7 Professional x64 Ran by Admin on 14.11.2014 at 11:37:22,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Admin\favorites\links\startfenster.lnk" ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{3ED2CD77-505D-4CC1-A8AD-EB985F482BE1} ~~~ FireFox Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9kq2cjsy.default\prefs.js user_pref("browser.search.defaultenginename", "SecureSearch"); user_pref("browser.search.selectedEngine", "SecureSearch"); Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\9kq2cjsy.default\minidumps [5 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.11.2014 at 11:40:52,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02 Ran by Admin (administrator) on ADMIN-THINK on 14-11-2014 11:51:52 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Rene) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Hypersoft GmbH) C:\Hypers-!\TerminalCommander.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\PVSW\Bin\w3dbsmgr.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-01-07] (Conexant systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\...\MountPoints2: {f68f5917-89be-11e0-846e-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hypersoft Terminal Commander.lnk ShortcutTarget: Hypersoft Terminal Commander.lnk -> C:\Hypers-!\MCP-!\TerminalCommander.exe (Hypersoft GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {DCA63C06-B30D-4178-93A3-8A3F957AFA11} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) "Variable undefined" oder so ähnlich. Was wird das sein? |
15.11.2014, 11:34 | #9 |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.11.2014, 14:18 | #10 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hi Schrauber, hier die logs ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9a3ec584a2f99246beea2ff359a1d18c # engine=21113 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-11-16 12:54:07 # local_time=2014-11-16 01:54:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 16252 54051930 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 5666982 110323657 0 0 # scanned=242422 # found=10 # cleaned=0 # scan_time=8060 sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe.vir" sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rene\AppData\Local\Temp\OCS\ocs_v71.exe.vir" sh=77C41FE9D15ADB18C5C91F95FB68F2FB5D80D9B5 ft=1 fh=1dd1b49013d59105 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Local\Temp\2d4b81b2-bd03-4417-9627-a605e8d0d3c3.exe" sh=14C1DC5CB0CF73A42866AEA0A07B0A754C84F6B9 ft=1 fh=7b8fdf4e16867ebd vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\backups\backup-20130418-110438-938.dll" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rene\AppData\Local\Temp\7VMCZA2z.exe.part" sh=EA6013E5D5460BC29F80DD129A572E3A4D3CAB71 ft=1 fh=e2f662d406893100 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rene\Documents\Tipica\SoftonicDownloader_fuer_doro-pdf-writer.exe" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rene\Downloads\cbsidlm-tr1_13-Agere_Systems_AC97_Modem-SEO-130211.exe" sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rene\Downloads\FFSetup3.0.1.zip" sh=C64865489049D00F529962D311A405D7CF3120F9 ft=1 fh=26d3c1970b1fe768 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rene\Downloads\Notepad - CHIP-Downloader.exe" sh=A23519E8073FDB68C377074CFC41DEF71AD03D44 ft=1 fh=ca61199ae536065a vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\Rene\Downloads\vlc-2.0.4-win32.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.223 Adobe Reader XI Mozilla Firefox (33.1) Google Chrome 12.0.742.100 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 01 Ran by Admin (administrator) on ADMIN-THINK on 16-11-2014 14:14:13 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Hypersoft GmbH) C:\Hypers-!\TerminalCommander.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\updater\GUP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-01-07] (Conexant systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\...\MountPoints2: {f68f5917-89be-11e0-846e-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hypersoft Terminal Commander.lnk ShortcutTarget: Hypersoft Terminal Commander.lnk -> C:\Hypers-!\MCP-!\TerminalCommander.exe (Hypersoft GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKCU - {DCA63C06-B30D-4178-93A3-8A3F957AFA11} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Hosts: 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Und die gefundenen Objekte beim ESET Scan habe ich wie beschrieben nicht aktiv gelöscht oder in Quarantäne verschoben. Lediglich das Programm gelöscht. Ist der Rechner jetzt clean? VG Mamasrechner |
17.11.2014, 09:08 | #11 | |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangenZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.11.2014, 11:02 | #12 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hi Schrauber, diesmal hat es wie gewohnt funktioniert FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 Ran by Admin (administrator) on ADMIN-THINK on 18-11-2014 10:56:57 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo.) C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hypersoft GmbH) C:\Hypers-!\TerminalCommander.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-01-07] (Conexant systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\...\MountPoints2: {f68f5917-89be-11e0-846e-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hypersoft Terminal Commander.lnk ShortcutTarget: Hypersoft Terminal Commander.lnk -> C:\Hypers-!\MCP-!\TerminalCommander.exe (Hypersoft GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-655141181-1604168393-1177880679-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-655141181-1604168393-1177880679-1001 -> DefaultScope {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKU\S-1-5-21-655141181-1604168393-1177880679-1001 -> {084F1134-F62E-4AA3-834E-23245B9A3E25} URL = SearchScopes: HKU\S-1-5-21-655141181-1604168393-1177880679-1001 -> {DCA63C06-B30D-4178-93A3-8A3F957AFA11} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Hosts: 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kq2cjsy.default\Extensions\abs@avira.com [2014-10-26] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-04] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] () R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed] R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-12-11] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-12-11] (Lenovo Group Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-03-03] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-03-03] (Ericsson AB) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-11] (GFI Software) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-05-29] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB) S1 MpKsl76dc7dea; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFFF6FB5-18AA-43CF-9270-5C84A051484C}\MpKsl76dc7dea.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-18 10:56 - 2014-11-18 10:58 - 00021756 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-11-18 10:56 - 2014-11-18 10:56 - 02117120 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-11-16 23:18 - 2014-11-16 23:18 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList 2014-11-16 22:25 - 2014-11-17 00:47 - 00000000 ____D () C:\Users\Admin\Documents\888poker 2014-11-16 22:25 - 2014-11-16 22:25 - 00002014 _____ () C:\Users\UpdatusUser\Desktop\888poker.lnk 2014-11-16 22:25 - 2014-11-16 22:25 - 00002014 _____ () C:\Users\Rene\Desktop\888poker.lnk 2014-11-16 22:25 - 2014-11-16 22:25 - 00002014 _____ () C:\Users\Admin\Desktop\888poker.lnk 2014-11-16 22:25 - 2014-11-16 22:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker 2014-11-16 22:25 - 2014-11-16 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker 2014-11-16 22:24 - 2014-11-16 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PacificPoker 2014-11-16 22:24 - 2014-11-16 22:25 - 00000000 ____D () C:\Program Files (x86)\PacificPoker 2014-11-16 22:19 - 2014-11-16 22:19 - 00302976 _____ (Random-Logic) C:\Users\Rene\Downloads\888poker_installer.exe 2014-11-16 14:01 - 2014-11-16 14:01 - 00854448 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-11-16 11:21 - 2014-11-16 11:21 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe 2014-11-14 11:40 - 2014-11-14 11:40 - 00001923 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-11-14 11:37 - 2014-11-14 11:37 - 00000000 ____D () C:\Windows\ERUNT 2014-11-14 11:34 - 2014-11-14 11:34 - 01706808 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-11-13 19:49 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 19:49 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 19:49 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 19:49 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 19:49 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 19:49 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 19:49 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 19:49 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 19:49 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 19:49 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 19:49 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 19:49 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 19:49 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 19:49 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 19:49 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 19:49 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 19:49 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 19:49 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 19:49 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 19:49 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 19:49 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 19:49 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 19:49 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 19:49 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 19:49 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 19:49 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 19:49 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 19:49 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 19:49 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 19:49 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 19:49 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 19:49 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 19:49 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 19:49 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 19:49 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 19:49 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 19:49 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 19:49 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 19:49 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 19:49 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 19:49 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 19:49 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 19:49 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 19:49 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 19:49 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 19:49 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 19:49 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 19:49 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 19:49 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 19:49 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 19:49 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 19:49 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 19:49 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 19:49 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 19:49 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 19:49 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 19:38 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 19:38 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 19:38 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 19:33 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 19:33 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 19:33 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 19:33 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 19:33 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 19:33 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 19:33 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 19:33 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 19:33 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 19:19 - 2014-11-13 19:25 - 00000000 ____D () C:\AdwCleaner 2014-11-13 19:10 - 2014-11-13 19:10 - 02140160 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.101.exe 2014-11-13 19:07 - 2014-11-13 19:07 - 00001203 _____ () C:\Users\Admin\Desktop\mbam.txt 2014-11-13 19:02 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 19:02 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 19:02 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 19:02 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 19:01 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 19:01 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 19:01 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 19:01 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 19:01 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 19:01 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 19:01 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 19:01 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 19:01 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 19:01 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 19:01 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 19:01 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 19:01 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 19:01 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 19:01 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 19:01 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 19:01 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 19:00 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 19:00 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 18:20 - 2014-11-13 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-13 18:20 - 2014-11-13 18:20 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-13 18:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-13 18:20 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-13 18:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-13 18:18 - 2014-11-13 18:18 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-11 22:06 - 2014-11-11 22:07 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe 2014-11-11 20:31 - 2014-11-18 10:57 - 00000000 ____D () C:\FRST 2014-11-11 13:14 - 2014-11-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-29 18:03 - 2014-11-08 11:20 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-26 19:31 - 2014-10-26 19:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-26 19:29 - 2014-10-26 19:29 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-10-26 19:29 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files\iTunes 2014-10-26 19:28 - 2014-10-26 19:29 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-26 19:28 - 2014-10-26 19:28 - 00000000 ____D () C:\Program Files\iPod 2014-10-26 19:23 - 2014-10-26 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-18 10:58 - 2011-05-29 08:11 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-11-18 10:58 - 2009-07-14 05:51 - 00237480 _____ () C:\Windows\setupact.log 2014-11-18 10:55 - 2011-05-29 08:11 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-11-18 10:54 - 2011-05-29 07:49 - 01185110 _____ () C:\Windows\WindowsUpdate.log 2014-11-18 10:54 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-18 10:54 - 2009-07-14 05:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-18 10:49 - 2011-11-28 12:53 - 00078452 _____ () C:\Windows\pvsw.log 2014-11-18 10:48 - 2011-07-06 14:25 - 00000000 ____D () C:\Hypers-! 2014-11-18 10:47 - 2011-05-29 08:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-18 10:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-17 18:25 - 2013-03-01 01:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-17 16:31 - 2011-05-29 17:39 - 08779458 _____ () C:\Windows\system32\perfh007.dat 2014-11-17 16:31 - 2011-05-29 17:39 - 02750898 _____ () C:\Windows\system32\perfc007.dat 2014-11-17 16:31 - 2009-07-14 06:13 - 02854938 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-17 10:10 - 2014-06-19 22:16 - 00000000 ____D () C:\Users\Rene\AppData\Local\MobileAccess 2014-11-17 10:09 - 2011-06-20 10:44 - 00000000 ____D () C:\Users\Rene\AppData\Local\CutePDF Writer 2014-11-16 16:12 - 2011-09-05 23:49 - 00000000 ____D () C:\Users\Rene\AppData\Local\CrashDumps 2014-11-16 14:36 - 2010-11-21 04:47 - 00669566 _____ () C:\Windows\PFRO.log 2014-11-16 14:23 - 2013-11-18 17:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Notepad++ 2014-11-16 14:23 - 2013-11-18 17:36 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-11-14 13:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 12:57 - 2009-07-14 03:34 - 00000759 _____ () C:\Windows\win.ini 2014-11-14 10:38 - 2009-07-14 05:45 - 00457792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 10:35 - 2014-05-01 08:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-14 10:18 - 2011-06-17 08:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-14 10:13 - 2013-11-26 10:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-14 10:06 - 2013-11-26 10:48 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-13 19:13 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-12 14:25 - 2013-03-01 01:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-12 14:25 - 2012-12-21 15:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-12 14:25 - 2011-06-17 09:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 14:02 - 2013-03-01 01:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-08 11:20 - 2014-08-08 15:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-08 11:20 - 2013-03-01 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-08 11:20 - 2013-03-01 00:32 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-06 18:18 - 2011-06-17 21:27 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\Apple Computer 2014-11-05 17:51 - 2011-06-20 14:44 - 00000000 ____D () C:\Users\Rene\AppData\Local\Microsoft Help 2014-11-04 18:42 - 2011-06-17 09:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 19:28 - 2014-05-10 22:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-26 19:28 - 2011-06-17 09:38 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-20 08:44 - 2014-06-19 22:26 - 00000000 ____D () C:\Users\Rene\AppData\Roaming\LSC Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\2d4b81b2-bd03-4417-9627-a605e8d0d3c3.exe C:\Users\Admin\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Admin\AppData\Local\Temp\AskSLib.dll C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\converter.exe C:\Users\Admin\AppData\Local\Temp\InitBDE.exe C:\Users\Admin\AppData\Local\Temp\Install_Nokia_Ovi_Suite.exe C:\Users\Admin\AppData\Local\Temp\isutldll.dll C:\Users\Admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\NEventMessages.dll C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Admin\AppData\Local\Temp\npp.6.6.9.Installer.exe C:\Users\Admin\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Admin\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Admin\AppData\Local\Temp\nvStInst.exe C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\xerces-c_2_5_0.dll C:\Users\Admin\AppData\Local\Temp\xmlDeployer.exe C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe C:\Users\Rene\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Rene\AppData\Local\Temp\AskSLib.dll C:\Users\Rene\AppData\Local\Temp\avgnt.exe C:\Users\Rene\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 15:38 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014 Ran by Admin at 2014-11-18 10:59:27 Running from C:\Users\Admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) .NET Framework-Sicherheitsrichtlinie für den Codezugriff auf Organisationsebene (x32 Version: 1.0.2411.0 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) 888poker (HKLM-x32\...\888poker) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC) Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35 - Research in Motion Ltd.) Hidden BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research in Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research in Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited) FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time) Forte Free 2.0 (HKLM-x32\...\Forte Free) (Version: 2.0 - Lugert Verlag) Griaule FingerCap USB Driver vr. 1.2 (HKLM-x32\...\{87cd3511-c592-4fba-92e1-54416b3c83cc}_is1) (Version: 1.2 - Griaule Biometrics LTDA.) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation) Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - ) Lenovo Mobile Access (HKLM-x32\...\{3F0501BE-3203-4001-8125-BAA857C92F51}) (Version: 3.1.0.1268 - Lenovo) Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.1003.00 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.16 - Lenovo) Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.39 - PC-Doctor, Inc.) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB) Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation) NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) PC Connectivity Solution (HKLM-x32\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia) Pervasive System Analyzer (HKLM-x32\...\Pervasive System Analyzer) (Version: - ) Pervasive.SQL V8 Workgroup (v8.6) (HKLM-x32\...\{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}) (Version: 8.60.192.033 - Pervasive Software Inc. ) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - ) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo) RapidBoot (x32 Version: 1.00 - Lenovo) Hidden Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.31.0010.00 - Lenovo Group Limited) RICOH Media Driver v2.10.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.10.18.02 - RICOH) Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.1.75100 - Sonos, Inc.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel) Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel) Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) Windows-Treiberpaket - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) (HKLM\...\77A943AB876C131591E0EA5DB6AB08D89EE2EA9E) (Version: 02/17/2011 15.2.14.0 - Synaptics) Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 08-11-2014 21:03:51 Windows Update 12-11-2014 13:15:59 Windows Update 14-11-2014 09:03:29 Windows Update 17-11-2014 16:06:09 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-27 17:51 - 00000927 ____N C:\Windows\system32\Drivers\etc\hosts 192.168.2.11 HSPERFORMER # Hypersoft 27.05.2014 Remove the _ in >>>NO_EDIT<<< to prevent from changing ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01DE19CD-575C-44F9-ACAA-FB80B591DA43} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] () Task: {20B2EBA7-7F55-425E-B96A-82DA1BE3AF27} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {236F039D-A77D-4A32-8E83-ACECE026A409} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-12-09] (PC-Doctor, Inc.) Task: {2F513886-F691-483B-9C15-942CEED0145E} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe Task: {302D7E33-BABE-4BAA-9C4D-13D8A0416C6F} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo) Task: {391B750C-DE82-4840-94CC-1A679E58D581} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo) Task: {43D3E1CE-2E9B-499A-A082-BB49E9432B93} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo) Task: {59BB9DC0-ECFD-4134-AA16-D6BECB42BCEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {645D342F-CFB6-49CA-907F-61F5F518722F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-12-09] (PC-Doctor, Inc.) Task: {6AF1F617-785C-4D4E-B331-30A17609F0C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated) Task: {876D247D-5BE9-47E2-A776-52C0FF17C89C} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-12-09] () Task: {8DB7DAC7-2762-485F-BBC0-978A593E46BB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {93434123-DBBB-493B-BC62-52D2D4090AE2} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited) Task: {D4B8551F-B7AD-4FBB-A3BA-3003ED7305D9} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {DEB1CDDF-C58D-4C87-ABAB-1A55407CE073} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] () Task: {F4A4645B-220B-44E6-B49C-F824DAE278A1} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-20 10:43 - 2009-11-05 06:40 - 00085504 ____N () C:\Windows\System32\cpwmon64.dll 2010-12-17 12:53 - 2010-12-17 12:53 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-05-27 23:37 - 2013-10-29 01:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-05-29 08:03 - 2014-03-20 05:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-05-29 07:59 - 2010-10-26 04:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2011-05-29 08:00 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2009-05-27 21:09 - 2009-05-27 21:09 - 00049976 ____N () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe 2014-03-14 16:46 - 2014-03-14 16:46 - 00065880 _____ () C:\Program Files (x86)\Lenovo\Access Connections\ACSonyEricssonHlpr.dll 2011-05-29 07:59 - 2011-05-26 16:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll 2014-03-14 16:47 - 2014-03-14 16:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll 2014-06-19 10:33 - 2011-06-29 17:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 03289088 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1aa792a3\mscorlib.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02994176 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2d0ef846\system.windows.forms.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 01929216 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7ce1410a\system.dll 2011-11-28 13:03 - 2011-11-28 13:03 - 00835584 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8fdc6bfc\system.drawing.dll 2011-11-28 13:04 - 2011-11-28 13:04 - 02076672 ____N () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_41100e0a\system.xml.dll 2014-11-11 13:14 - 2014-11-11 13:14 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-12 14:25 - 2014-11-12 14:25 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Admin (S-1-5-21-655141181-1604168393-1177880679-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-655141181-1604168393-1177880679-500 - Administrator - Disabled) ASPNET (S-1-5-21-655141181-1604168393-1177880679-1008 - Limited - Enabled) Gast (S-1-5-21-655141181-1604168393-1177880679-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655141181-1604168393-1177880679-1005 - Limited - Enabled) Rene (S-1-5-21-655141181-1604168393-1177880679-1003 - Limited - Enabled) => C:\Users\Rene Sonos (S-1-5-21-655141181-1604168393-1177880679-1009 - Limited - Enabled) tvsu_tmp_vlhaqUJFAL (S-1-5-21-655141181-1604168393-1177880679-1011 - Administrator - Enabled) UpdatusUser (S-1-5-21-655141181-1604168393-1177880679-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: MpKsl76dc7dea Description: MpKsl76dc7dea Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: MpKsl76dc7dea Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2014 10:47:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/17/2014 04:31:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/17/2014 04:31:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/17/2014 04:31:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/17/2014 10:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/17/2014 10:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/17/2014 10:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/17/2014 10:07:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/17/2014 01:38:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/17/2014 01:38:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (11/18/2014 10:49:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/18/2014 10:49:37 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/18/2014 10:47:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\System32\IWMSSvc.dll Fehlercode: 87 Error: (11/18/2014 10:46:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/17/2014 04:29:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (11/17/2014 10:09:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/17/2014 10:09:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/17/2014 10:07:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\System32\IWMSSvc.dll Fehlercode: 87 Error: (11/17/2014 10:07:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/17/2014 01:37:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (09/09/2014 00:43:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 556 seconds with 240 seconds of active time. This session ended with a crash. Error: (09/09/2014 00:30:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/24/2014 11:31:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 695 seconds with 480 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:04:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 07:03:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 925 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:45:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/10/2014 06:44:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 99433 seconds with 7620 seconds of active time. This session ended with a crash. Error: (03/06/2014 02:58:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 97816 seconds with 6720 seconds of active time. This session ended with a crash. Error: (01/11/2014 00:18:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20615 seconds with 7200 seconds of active time. This session ended with a crash. Error: (10/21/2013 09:59:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-01-17 23:03:50.567 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.526 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.396 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.343 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.166 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:50.103 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-01-17 23:03:49.834 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 54% Total physical RAM: 3979.23 MB Available physical RAM: 1823.19 MB Total Pagefile: 7956.65 MB Available Pagefile: 5070.21 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:448.96 GB) (Free:254.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A52CF50E) Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Wie siehts mit meinem Rechner aus? Liebe Grüße Mamasrechner |
19.11.2014, 08:27 | #13 |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {2F513886-F691-483B-9C15-942CEED0145E} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.11.2014, 16:27 | #14 |
| Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen Hi Schrauber, hier der Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014 Ran by Admin at 2014-11-19 16:14:17 Run:1 Running from C:\Users\Admin\Desktop Loaded Profile: Admin (Available profiles: UpdatusUser & Admin & Admin) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {2F513886-F691-483B-9C15-942CEED0145E} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F513886-F691-483B-9C15-942CEED0145E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F513886-F691-483B-9C15-942CEED0145E}" => Key deleted successfully. C:\Windows\System32\Tasks\Lenovo\SROptimizer => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\SROptimizer" => Key deleted successfully. EmptyTemp: => Removed 2.9 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== und wieso hatte ich überhaupt soviele Bugs? Bei mir läuft doch Avira die ganze Zeit. Ist es eigentlich problematisch, dass gleichzeitig auch Microsoft Security Essentials läuft? Bin jetzt doch ganz schön verunsichert. Könnten wir den Rechner meiner Frau auch mal checken? Liebe Grüße Mamasrechner |
20.11.2014, 09:39 | #15 | |
/// the machine /// TB-Ausbilder | Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangenZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Falsche Telekomrechnung geöffnet - Trojaner möglicherweise eingefangen |
angeblich, eingefangen, feedback, fehlercode 24, fehlercode 87, festgestellt, gefangen, möglicherweise, pwmtr64v.dll, system, telekomrechnung, trojaner, trojanermail, weiterhelfen, win32/downloadadmin.g, win32/downloadsponsor.a, win32/hao123.a, win32/softonicdownloader.a, win32/startpage.oph, win32/toolbar.visicom.a, win32/toolbar.visicom.b |