
Pests of All Kinds and How to Fight Them: Malware PicColor

31.01.2015, 19:31   #1
Lilly1

Hello,
I recently downloaded the new Avira Free 2015 and installed a piece of malware along with it. The program is called PicColor.
I then tried to uninstall it, which did not work. Then I tried the program Malwarebytes and AdwCleaner.

AdwCleaner then shows under Files:
C:\Windows\system32\drivers\cmwr.sys and
C:\Windows\system32\drivers\cmwf.sys

And under Services:
CMWFP
CMWR
CMWF


And I just can't get rid of it. What can I do?

AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 19:10:00
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Horst - LENOVO-PC
# Gestartet von : C:\Users\Horst\Downloads\AdwCleaner09.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : cmwf
Dienst Gefunden : cmwr
Dienst Gefunden : CMWFP

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\WINDOWS\System32\drivers\cmwf.sys
Datei Gefunden : C:\WINDOWS\System32\drivers\cmwr.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [5931 octets] - [31/01/2015 14:52:22]
AdwCleaner[R10].txt - [853 octets] - [31/01/2015 19:10:00]
AdwCleaner[R1].txt - [1201 octets] - [31/01/2015 15:14:18]
AdwCleaner[R2].txt - [1321 octets] - [31/01/2015 15:22:40]
AdwCleaner[R3].txt - [1903 octets] - [31/01/2015 15:30:16]
AdwCleaner[R4].txt - [1963 octets] - [31/01/2015 16:30:36]
AdwCleaner[R5].txt - [1621 octets] - [31/01/2015 16:54:59]
AdwCleaner[R6].txt - [1741 octets] - [31/01/2015 17:49:10]
AdwCleaner[R7].txt - [6655 octets] - [31/01/2015 18:02:04]
AdwCleaner[R8].txt - [2055 octets] - [31/01/2015 18:46:09]
AdwCleaner[R9].txt - [2175 octets] - [31/01/2015 18:54:58]
AdwCleaner[S0].txt - [5348 octets] - [31/01/2015 14:57:57]
AdwCleaner[S1].txt - [1240 octets] - [31/01/2015 15:16:51]
AdwCleaner[S2].txt - [1390 octets] - [31/01/2015 15:25:27]
AdwCleaner[S3].txt - [2036 octets] - [31/01/2015 16:32:30]
AdwCleaner[S4].txt - [1690 octets] - [31/01/2015 17:16:10]
AdwCleaner[S5].txt - [5807 octets] - [31/01/2015 18:03:30]
AdwCleaner[S6].txt - [2120 octets] - [31/01/2015 18:49:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [1873 octets] ##########

31.01.2015, 19:36   #2
deeprybka
/// TB Trainer
/// Instructions Guru

My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all work here in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________

__________________
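As an added example (not part of the thread and not code from FRST): a small Python triage pass over the Services/Drivers lines of the FRST.txt that step 1 produces, flagging entries that are unsigned, carry no vendor string, or point to a file FRST marked `[X]`. The sample lines are copied from the FRST.txt posted later in this thread; the function names and the reading of the line layout (state letter, start-type digit, name, path, size/date, vendor, flags) are assumptions inferred from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the Drivers section of the FRST.txt posted in this thread.
SAMPLE_DRIVERS = r"""
==================== Drivers (Whitelisted) ====================
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]
"""

# Start-type digit as used by the Windows service control manager.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "<state><start> <name>; <rest>", e.g. "R1 cmwf; C:\...".
HEAD = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
# File found: "<path> [<size> <date>] (<vendor>)" plus optional "[File not signed]".
# The vendor group is greedy so names such as "Lenovo(beijing) Limited" stay whole.
PRESENT = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<vendor>.*)\)(?P<unsigned> \[File not signed\])?$"
)
# File not found on disk: "<path> [X]".
MISSING = re.compile(r"^(?P<path>.+?) \[X\]$")


@dataclass
class Entry:
    name: str
    state: str              # R, S or U as printed in the log
    start: str              # decoded start type
    path: str
    vendor: Optional[str]   # None when the file is missing
    signed: Optional[bool]  # None when the file is missing
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other lines."""
    head = HEAD.match(line.strip())
    if not head:
        return None
    start = START_TYPES.get(head["start"], "other")
    present = PRESENT.match(head["rest"])
    if present:
        return Entry(head["name"], head["state"], start, present["path"],
                     present["vendor"].strip(), present["unsigned"] is None, False)
    missing = MISSING.match(head["rest"])
    if missing:
        return Entry(head["name"], head["state"], start, missing["path"],
                     None, None, True)
    return None


def reasons(entry: Entry) -> List[str]:
    """Return the triage reasons for one entry (empty list means nothing flagged)."""
    if entry.missing:
        return ["file not found"]
    found = []
    if not entry.signed:
        found.append("file not signed")
    if not entry.vendor:
        found.append("empty vendor")
    return found


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, start type, reasons) for every flagged entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            findings.append((entry.name, entry.start, why))
    return findings


if __name__ == "__main__":
    for name, start, why in triage(SAMPLE_DRIVERS):
        print(f"{name:8} start={start:8} {', '.join(why)}")
```

Run over the full log in this thread, the same pass also flags the IDT and Intel services that are only unsigned, so each reason is a prompt for a closer look, not a verdict.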

31.01.2015, 19:56   #3
Lilly1

[CODE]
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Horst (administrator) on LENOVO-PC on 31-01-2015 19:50:31
Running from C:\Users\Horst\Downloads
Loaded Profiles: Horst (Available profiles: Horst)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Farbar) C:\Users\Horst\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-17] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [{bd538030-07d4-4999-a525-7fafa2483f56}] => C:\ProgramData\Package Cache\{bd538030-07d4-4999-a525-7fafa2483f56}\Avira.OE.Setup.Bundle.exe [780168 2015-01-31] (Avira Operations & Co. KG) <===== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50860;https=127.0.0.1:50860
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001 -> {33D05E57-C077-4D86-A7D7-4A958C8D0274} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Google Drive) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (Google-Suche) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Google Tabellen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Google Mail) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-17] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-31] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065728 2013-09-26] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:50 - 2015-01-31 19:51 - 00016742 _____ () C:\Users\Horst\Downloads\FRST.txt
2015-01-31 19:50 - 2015-01-31 19:50 - 00000000 ____D () C:\FRST
2015-01-31 19:49 - 2015-01-31 19:49 - 02130944 _____ (Farbar) C:\Users\Horst\Downloads\FRST64 (1).exe
2015-01-31 19:48 - 2015-01-31 19:49 - 02130944 _____ (Farbar) C:\Users\Horst\Downloads\FRST64.exe
2015-01-31 19:46 - 2015-01-31 19:46 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws (1).exe
2015-01-31 19:46 - 2015-01-31 19:46 - 00000000 ____D () C:\OETemp
2015-01-31 19:37 - 2015-01-31 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 19:37 - 2015-01-31 19:37 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 19:37 - 2015-01-31 19:37 - 00000000 ____D () C:\ProgramData\Avira
2015-01-31 19:37 - 2015-01-31 19:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 19:36 - 2015-01-31 19:36 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws.exe
2015-01-31 19:06 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT (1).exe
2015-01-31 19:06 - 2015-01-31 19:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-31 19:05 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT.exe
2015-01-31 18:51 - 2015-01-31 18:51 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Horst.job
2015-01-31 17:59 - 2015-01-31 18:51 - 00002398 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Horst
2015-01-31 17:59 - 2015-01-31 17:59 - 00001283 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-31 17:59 - 2015-01-31 17:59 - 00001259 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-31 15:52 - 2015-01-31 18:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:52 - 2015-01-31 15:52 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 15:40 - 2015-01-31 15:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Horst\Downloads\mbam-setup-majorgeeks-2.0.4.1028.exe
2015-01-31 15:28 - 2015-01-31 15:28 - 00000000 ____D () C:\Users\Horst\AppData\IObit
2015-01-31 15:22 - 2015-01-31 15:22 - 00000925 _____ () C:\Users\Horst\Downloads\Dokumente - Verknüpfung.lnk
2015-01-31 15:22 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-31 14:51 - 2015-01-31 19:33 - 00000000 ____D () C:\AdwCleaner
2015-01-31 14:50 - 2015-01-31 14:51 - 02194432 _____ () C:\Users\Horst\Downloads\AdwCleaner09.exe
2015-01-22 22:50 - 2015-01-31 15:29 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\ProgramData\IObit
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-22 22:49 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\IObit
2015-01-22 22:48 - 2015-01-22 22:49 - 15971616 _____ (IObit) C:\Users\Horst\Downloads\iobit426uninstaller.exe
2015-01-22 21:11 - 2015-01-22 21:11 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F}
2015-01-22 20:37 - 2015-01-31 15:43 - 00027648 ___SH () C:\Users\Horst\Downloads\Thumbs.db
2015-01-22 20:37 - 2015-01-22 20:37 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlg
2015-01-22 20:24 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-22 20:24 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-22 20:23 - 2015-01-22 20:23 - 00613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
2015-01-15 22:19 - 2015-01-15 22:19 - 00000000 ____D () C:\Users\Horst\AppData\Local\Microsoft Help
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (8).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (7).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (6).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (5).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (4).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe.xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (3).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (2).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (1).xls
2015-01-13 23:09 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 23:09 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 23:09 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 23:09 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 23:09 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 23:09 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 23:09 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 23:09 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 23:09 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 23:09 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:49 - 2014-09-17 01:02 - 01461277 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 19:42 - 2014-11-30 16:59 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2592821730-2572488457-1247367961-1001
2015-01-31 19:37 - 2014-09-17 02:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 19:22 - 2014-11-30 17:17 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 19:11 - 2014-11-30 19:00 - 00005138 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Horst Lenovo-PC
2015-01-31 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 19:00 - 2013-08-22 15:46 - 00034114 _____ () C:\WINDOWS\setupact.log
2015-01-31 18:50 - 2014-11-30 17:17 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 18:50 - 2014-11-30 16:55 - 00000000 ___DO () C:\Users\Horst\OneDrive
2015-01-31 18:50 - 2014-03-18 10:44 - 00105152 _____ () C:\WINDOWS\PFRO.log
2015-01-31 18:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 18:49 - 2014-09-17 02:18 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-31 18:42 - 2014-09-17 02:08 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-31 18:03 - 2014-11-30 17:21 - 00001313 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 18:03 - 2014-11-30 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 18:03 - 2014-11-30 16:53 - 00001018 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 18:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-31 15:27 - 2014-12-16 20:41 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Skype
2015-01-31 15:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 15:21 - 2014-11-30 17:10 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72B0F1E4-A2C9-4D61-8158-CC1C6C339BA3}
2015-01-31 14:49 - 2014-11-30 16:52 - 00000000 ____D () C:\Users\Horst\AppData\Local\Pokki
2015-01-30 12:48 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 11:23 - 2014-09-17 10:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-25 11:23 - 2014-09-17 10:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-25 11:23 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 21:20 - 2014-12-18 20:34 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 20:34 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 21:16 - 2014-09-17 02:18 - 00009904 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2015-01-22 20:48 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-01-22 20:14 - 2014-09-17 02:10 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-22 20:12 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-21 20:19 - 2013-08-22 15:44 - 00518456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-21 20:15 - 2014-12-07 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-21 20:08 - 2014-12-07 13:21 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-02 09:46 - 2014-11-30 19:03 - 00002345 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

==================== Files in the root of some directories =======

2015-01-22 20:23 - 2015-01-22 20:23 - 0613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
2014-09-17 01:31 - 2014-09-17 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-30 17:54 - 2014-11-30 18:20 - 0001973 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\Package Cache\{bd538030-07d4-4999-a525-7fafa2483f56}\Avira.OE.Setup.Bundle.exe


Some content of TEMP:
====================
C:\Users\Horst\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Horst\AppData\Local\Temp\oct31FE.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct417.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct7B2C.tmp.exe
C:\Users\Horst\AppData\Local\Temp\octAE06.tmp.exe
C:\Users\Horst\AppData\Local\Temp\Quarantine.exe
C:\Users\Horst\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Horst\AppData\Local\Temp\SPSetup.exe
C:\Users\Horst\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 18:35

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Horst at 2015-01-31 19:51:31
Running from C:\Users\Horst\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.926.1 - Vimicro)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-01-2015 19:31:04 Windows Update
22-01-2015 21:20:27 Removed Microsoft Silverlight
30-01-2015 12:46:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D29C506-B793-4738-9ABF-9957F26BFE6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Horst Lenovo-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {4431625A-D59C-4863-9D57-E33FC8630780} - System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F} => pcalua.exe -a "C:\ProgramData\PicColor Utility\uninstall.exe"
Task: {4762C1CB-E5D9-4A22-A6FD-55D6D76069DB} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-29] (Lenovo)
Task: {56EC53F2-4D12-45DD-A661-06B8B0356D6F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2592821730-2572488457-1247367961-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6127DF7A-A1DC-4E4D-8213-2B50DF5F602C} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {64931CD2-73E3-418B-8046-CCB28C684708} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-21] (Microsoft Corporation)
Task: {8285ED13-6075-4B31-8A06-A48ADE00494D} - System32\Tasks\Uninstaller_SkipUac_Horst => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-22] (IObit)
Task: {85FE98D3-62A7-40C8-8FAF-1C1FE9BD8916} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {9879F8C0-43E5-4136-8678-62A5FDEA4A0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A557835A-ACB0-456D-86FA-FD5FC31795D1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {AC43A5C9-03D0-4A23-857F-50BA88F3948A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {AC699916-5B29-44C9-9FC6-CDBBC3A77807} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BC26535F-147F-431E-9DEB-24B80AE2A357} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {C7EB1F6B-D561-467D-8078-B098B88633FD} - \GNVLNUPDH No Task File <==== ATTENTION
Task: {C9C664A0-0D38-4F66-A74B-237756CBCE57} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {D34D1BFD-39F9-425A-810D-503FF0A032A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {E599A5C8-3869-4530-9CD1-51E6719BBC32} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {F0248839-AA09-40E7-A704-DE37B36FE3A6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Horst.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-09-04 19:13 - 2013-09-04 19:13 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-11-30 18:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-17 02:13 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-17 02:18 - 2014-09-17 02:18 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-09-17 02:18 - 2014-09-17 02:18 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-01-22 22:50 - 2015-01-22 22:50 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-12-05 20:04 - 2014-12-05 20:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-09-17 01:29 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Horst\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2592821730-2572488457-1247367961-500 - Administrator - Disabled)
Gast (S-1-5-21-2592821730-2572488457-1247367961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2592821730-2572488457-1247367961-1003 - Limited - Enabled)
Horst (S-1-5-21-2592821730-2572488457-1247367961-1001 - Administrator - Enabled) => C:\Users\Horst

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/31/2015 07:38:52 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:38:22 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:37:44 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:37:14 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:36:44 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:11:16 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:10:46 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 07:10:16 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 3550M @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 4020.27 MB
Available physical RAM: 2348.95 MB
Total Pagefile: 4724.27 MB
Available Pagefile: 2936.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.18 GB) (Free:842.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 621D5AB2)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

31.01.2015, 20:01   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

Code:
# Gestartet von : C:\Users\Horst\Downloads\AdwCleaner09.exe
# Option : Suchen
         
Run AdwCleaner and then choose "Löschen" (Delete). (I have read, though, that there are problems with that.)

Step 1
  • Close all open programs and browsers.
  • Please start AdwCleaner.
  • Accept the terms of use.
  • Click Suchen (Search) and wait until the scan has finished.
  • Now click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
    You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number).
__________________
Regards
deeprybka


31.01.2015, 20:12   #5
Lilly1

Code:
# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 20:07:49
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Horst - LENOVO-PC
# Gestartet von : C:\Users\Horst\Downloads\AdwCleaner09.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : cmwf
[#] Dienst Gelöscht : cmwr
[#] Dienst Gelöscht : CMWFP

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\System32\drivers\cmwr.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\cmwf.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [5931 octets] - [31/01/2015 14:52:22]
AdwCleaner[R10].txt - [1954 octets] - [31/01/2015 19:10:00]
AdwCleaner[R11].txt - [2015 octets] - [31/01/2015 20:05:55]
AdwCleaner[R1].txt - [1201 octets] - [31/01/2015 15:14:18]
AdwCleaner[R2].txt - [1321 octets] - [31/01/2015 15:22:40]
AdwCleaner[R3].txt - [1903 octets] - [31/01/2015 15:30:16]
AdwCleaner[R4].txt - [1963 octets] - [31/01/2015 16:30:36]
AdwCleaner[R5].txt - [1621 octets] - [31/01/2015 16:54:59]
AdwCleaner[R6].txt - [1741 octets] - [31/01/2015 17:49:10]
AdwCleaner[R7].txt - [6655 octets] - [31/01/2015 18:02:04]
AdwCleaner[R8].txt - [2055 octets] - [31/01/2015 18:46:09]
AdwCleaner[R9].txt - [2175 octets] - [31/01/2015 18:54:58]
AdwCleaner[S0].txt - [5348 octets] - [31/01/2015 14:57:57]
AdwCleaner[S1].txt - [1240 octets] - [31/01/2015 15:16:51]
AdwCleaner[S2].txt - [1390 octets] - [31/01/2015 15:25:27]
AdwCleaner[S3].txt - [2036 octets] - [31/01/2015 16:32:30]
AdwCleaner[S4].txt - [1690 octets] - [31/01/2015 17:16:10]
AdwCleaner[S5].txt - [5807 octets] - [31/01/2015 18:03:30]
AdwCleaner[S6].txt - [2120 octets] - [31/01/2015 18:49:44]
AdwCleaner[S7].txt - [1944 octets] - [31/01/2015 20:07:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2004 octets] ##########
         


31.01.2015, 20:25   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

OK,
then let's look at a fresh FRST log. Please:

Step 1

Please start FRST again and press Scan.
Please post the contents of the log.

31.01.2015, 20:44   #7
Lilly1

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Horst (administrator) on LENOVO-PC on 31-01-2015 20:40:32
Running from C:\Users\Horst\Downloads
Loaded Profiles: Horst (Available profiles: Horst)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-17] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50860;https=127.0.0.1:50860
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001 -> {33D05E57-C077-4D86-A7D7-4A958C8D0274} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Google Drive) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (Google-Suche) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Google Tabellen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Google Mail) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-17] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-31] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065728 2013-09-26] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 19:52 - 2015-01-31 19:52 - 00032057 _____ () C:\Users\Horst\Desktop\FRST.txt
2015-01-31 19:52 - 2015-01-31 19:52 - 00018986 _____ () C:\Users\Horst\Desktop\Addition.txt
2015-01-31 19:51 - 2015-01-31 19:51 - 00018986 _____ () C:\Users\Horst\Downloads\Addition.txt
2015-01-31 19:50 - 2015-01-31 20:40 - 00016714 _____ () C:\Users\Horst\Downloads\FRST.txt
2015-01-31 19:50 - 2015-01-31 20:40 - 00000000 ____D () C:\FRST
2015-01-31 19:49 - 2015-01-31 19:49 - 02130944 _____ (Farbar) C:\Users\Horst\Downloads\FRST64 (1).exe
2015-01-31 19:48 - 2015-01-31 19:49 - 02130944 _____ (Farbar) C:\Users\Horst\Downloads\FRST64.exe
2015-01-31 19:46 - 2015-01-31 20:02 - 00000000 ____D () C:\OETemp
2015-01-31 19:46 - 2015-01-31 19:46 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws (1).exe
2015-01-31 19:37 - 2015-01-31 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 19:37 - 2015-01-31 19:37 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 19:37 - 2015-01-31 19:37 - 00000000 ____D () C:\ProgramData\Avira
2015-01-31 19:37 - 2015-01-31 19:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 19:36 - 2015-01-31 19:36 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws.exe
2015-01-31 19:06 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT (1).exe
2015-01-31 19:06 - 2015-01-31 19:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-31 19:05 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT.exe
2015-01-31 18:51 - 2015-01-31 18:51 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Horst.job
2015-01-31 17:59 - 2015-01-31 18:51 - 00002398 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Horst
2015-01-31 17:59 - 2015-01-31 17:59 - 00001283 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-31 17:59 - 2015-01-31 17:59 - 00001259 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-31 15:52 - 2015-01-31 18:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:52 - 2015-01-31 15:52 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 15:40 - 2015-01-31 15:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Horst\Downloads\mbam-setup-majorgeeks-2.0.4.1028.exe
2015-01-31 15:28 - 2015-01-31 15:28 - 00000000 ____D () C:\Users\Horst\AppData\IObit
2015-01-31 15:22 - 2015-01-31 15:22 - 00000925 _____ () C:\Users\Horst\Downloads\Dokumente - Verknüpfung.lnk
2015-01-31 15:22 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-31 14:51 - 2015-01-31 20:14 - 00000000 ____D () C:\AdwCleaner
2015-01-31 14:50 - 2015-01-31 14:51 - 02194432 _____ () C:\Users\Horst\Downloads\AdwCleaner09.exe
2015-01-22 22:50 - 2015-01-31 15:29 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\ProgramData\IObit
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-22 22:49 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\IObit
2015-01-22 22:48 - 2015-01-22 22:49 - 15971616 _____ (IObit) C:\Users\Horst\Downloads\iobit426uninstaller.exe
2015-01-22 21:11 - 2015-01-22 21:11 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F}
2015-01-22 20:37 - 2015-01-31 15:43 - 00027648 ___SH () C:\Users\Horst\Downloads\Thumbs.db
2015-01-22 20:37 - 2015-01-22 20:37 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlg
2015-01-22 20:24 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-22 20:24 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-22 20:23 - 2015-01-22 20:23 - 00613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
2015-01-15 22:19 - 2015-01-15 22:19 - 00000000 ____D () C:\Users\Horst\AppData\Local\Microsoft Help
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (8).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (7).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (6).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (5).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (4).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe.xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (3).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (2).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (1).xls
2015-01-13 23:09 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 23:09 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 23:09 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 23:09 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 23:09 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 23:09 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 23:09 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 23:09 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 23:09 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 23:09 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 20:30 - 2014-11-30 19:00 - 00005138 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Horst Lenovo-PC
2015-01-31 20:22 - 2014-11-30 17:17 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 20:19 - 2014-11-30 16:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2592821730-2572488457-1247367961-1001
2015-01-31 20:18 - 2013-08-22 15:46 - 00034495 _____ () C:\WINDOWS\setupact.log
2015-01-31 20:10 - 2014-11-30 16:55 - 00000000 ___DO () C:\Users\Horst\OneDrive
2015-01-31 20:09 - 2014-11-30 17:17 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 20:08 - 2014-09-17 01:02 - 01481694 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 20:08 - 2014-03-18 10:44 - 00105462 _____ () C:\WINDOWS\PFRO.log
2015-01-31 20:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 20:07 - 2014-09-17 02:18 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-31 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 19:37 - 2014-09-17 02:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 18:42 - 2014-09-17 02:08 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-31 18:03 - 2014-11-30 17:21 - 00001313 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 18:03 - 2014-11-30 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 18:03 - 2014-11-30 16:53 - 00001018 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 18:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-31 15:27 - 2014-12-16 20:41 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Skype
2015-01-31 15:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 15:21 - 2014-11-30 17:10 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72B0F1E4-A2C9-4D61-8158-CC1C6C339BA3}
2015-01-31 14:49 - 2014-11-30 16:52 - 00000000 ____D () C:\Users\Horst\AppData\Local\Pokki
2015-01-30 12:48 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 11:23 - 2014-09-17 10:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-25 11:23 - 2014-09-17 10:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-25 11:23 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 21:20 - 2014-12-18 20:34 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 20:34 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 21:16 - 2014-09-17 02:18 - 00009904 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2015-01-22 20:48 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-01-22 20:14 - 2014-09-17 02:10 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-22 20:12 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-21 20:19 - 2013-08-22 15:44 - 00518456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-21 20:15 - 2014-12-07 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-21 20:08 - 2014-12-07 13:21 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-02 09:46 - 2014-11-30 19:03 - 00002345 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

==================== Files in the root of some directories =======

2015-01-22 20:23 - 2015-01-22 20:23 - 0613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
2014-09-17 01:31 - 2014-09-17 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-30 17:54 - 2014-11-30 18:20 - 0001973 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Horst\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Horst\AppData\Local\Temp\oct31FE.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct417.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct7B2C.tmp.exe
C:\Users\Horst\AppData\Local\Temp\octAE06.tmp.exe
C:\Users\Horst\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Horst\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 18:35

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Horst at 2015-01-31 20:43:22
Running from C:\Users\Horst\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.926.1 - Vimicro)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Horst\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-01-2015 19:31:04 Windows Update
22-01-2015 21:20:27 Removed Microsoft Silverlight
30-01-2015 12:46:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D29C506-B793-4738-9ABF-9957F26BFE6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Horst Lenovo-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {4431625A-D59C-4863-9D57-E33FC8630780} - System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F} => pcalua.exe -a "C:\ProgramData\PicColor Utility\uninstall.exe"
Task: {4762C1CB-E5D9-4A22-A6FD-55D6D76069DB} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-29] (Lenovo)
Task: {56EC53F2-4D12-45DD-A661-06B8B0356D6F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2592821730-2572488457-1247367961-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6127DF7A-A1DC-4E4D-8213-2B50DF5F602C} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {64931CD2-73E3-418B-8046-CCB28C684708} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-21] (Microsoft Corporation)
Task: {8285ED13-6075-4B31-8A06-A48ADE00494D} - System32\Tasks\Uninstaller_SkipUac_Horst => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-22] (IObit)
Task: {85FE98D3-62A7-40C8-8FAF-1C1FE9BD8916} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {9879F8C0-43E5-4136-8678-62A5FDEA4A0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {A557835A-ACB0-456D-86FA-FD5FC31795D1} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {AC43A5C9-03D0-4A23-857F-50BA88F3948A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {AC699916-5B29-44C9-9FC6-CDBBC3A77807} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BC26535F-147F-431E-9DEB-24B80AE2A357} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {C7EB1F6B-D561-467D-8078-B098B88633FD} - \GNVLNUPDH No Task File <==== ATTENTION
Task: {C9C664A0-0D38-4F66-A74B-237756CBCE57} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {D34D1BFD-39F9-425A-810D-503FF0A032A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {E599A5C8-3869-4530-9CD1-51E6719BBC32} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {F0248839-AA09-40E7-A704-DE37B36FE3A6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Horst.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-09-04 19:13 - 2013-09-04 19:13 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-11-30 18:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-17 02:13 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-17 02:18 - 2014-09-17 02:18 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-09-17 02:18 - 2014-09-17 02:18 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-01-22 22:50 - 2015-01-22 22:50 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 15:23 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-09-17 01:29 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-05 20:04 - 2014-12-05 20:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Horst\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2592821730-2572488457-1247367961-500 - Administrator - Disabled)
Gast (S-1-5-21-2592821730-2572488457-1247367961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2592821730-2572488457-1247367961-1003 - Limited - Enabled)
Horst (S-1-5-21-2592821730-2572488457-1247367961-1001 - Administrator - Enabled) => C:\Users\Horst

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 08:08:43 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 08:03:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/31/2015 08:03:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/31/2015 08:02:39 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (01/31/2015 08:08:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CMWFP" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/31/2015 08:08:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 126

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NitroPDFDriverCreatorReadSpool9" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nalpeiron Licensing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 08:07:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 08:08:43 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 08:03:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Horst\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (01/31/2015 08:03:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Horst\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (01/31/2015 08:02:39 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 3550M @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4020.27 MB
Available physical RAM: 2392 MB
Total Pagefile: 4724.27 MB
Available Pagefile: 2910.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.18 GB) (Free:842.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 621D5AB2)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 31.01.2015, 21:43   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Could you please post the Malwarebytes log? Or run a new scan:

Step 1

  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Erkennung und Schutz (Detection and Protection), tick "Suche nach Rootkits" (Scan for rootkits).
  • Then click "Suchlauf" (Scan), select the Bedrohungssuchlauf (Threat Scan), update the databases and click "Suchlauf jetzt starten" (Start scan now).
  • At the end of the scan, have all detections (if any) moved to quarantine. (here's how...)
  • Post the content of the log file (here's how...). To do so, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Ansicht (View). Click "In Zwischenablage kopieren" (Copy to Clipboard) and post the content in code tags as a reply in the thread.
__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 01.02.2015, 14:25   #9
Lilly1
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.02.2015
Suchlauf-Zeit: 13:46:55
Logdatei: Maleware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.01.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Horst

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342623
Verstrichene Zeit: 35 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Alt 01.02.2015, 14:41   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hi,

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
CloseProcesses:
Task: {4431625A-D59C-4863-9D57-E33FC8630780} - System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F} => pcalua.exe -a "C:\ProgramData\PicColor Utility\uninstall.exe"
C:\ProgramData\PicColor Utility
Task: {C7EB1F6B-D561-467D-8078-B098B88633FD} - \GNVLNUPDH No Task File 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50860;https=127.0.0.1:50860
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001 -> {33D05E57-C077-4D86-A7D7-4A958C8D0274} URL = 
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]
2015-01-22 20:24 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-22 20:24 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-22 20:23 - 2015-01-22 20:23 - 00613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
REG: reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its content.

The PC will restart!

Step 2

Please start FRST again and press Scan.
Please post the content of the log.
__________________
Regards,
deeprybka


Alt 01.02.2015, 14:59   #11
Lilly1
 

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Horst at 2015-02-01 14:51:58 Run:1
Running from C:\Users\Horst\Downloads
Loaded Profiles: Horst (Available profiles: Horst)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Task: {4431625A-D59C-4863-9D57-E33FC8630780} - System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F} => pcalua.exe -a "C:\ProgramData\PicColor Utility\uninstall.exe"
C:\ProgramData\PicColor Utility
Task: {C7EB1F6B-D561-467D-8078-B098B88633FD} - \GNVLNUPDH No Task File 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50860;https=127.0.0.1:50860
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2592821730-2572488457-1247367961-1001 -> {33D05E57-C077-4D86-A7D7-4A958C8D0274} URL = 
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]
2015-01-22 20:24 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-22 20:24 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-22 20:23 - 2015-01-22 20:23 - 00613057 _____ (CMI Limited) C:\Users\Horst\AppData\Local\nst2B5A.tmp
REG: reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
         
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4431625A-D59C-4863-9D57-E33FC8630780}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4431625A-D59C-4863-9D57-E33FC8630780}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F68E8A7B-3609-4807-83D5-B31EC587B65F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F68E8A7B-3609-4807-83D5-B31EC587B65F}" => Key deleted successfully.
"C:\ProgramData\PicColor Utility" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7EB1F6B-D561-467D-8078-B098B88633FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7EB1F6B-D561-467D-8078-B098B88633FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GNVLNUPDH" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33D05E57-C077-4D86-A7D7-4A958C8D0274}" => Key deleted successfully.
HKCR\CLSID\{33D05E57-C077-4D86-A7D7-4A958C8D0274} => Key not found. 
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
CMWFP => Error deleting Service
Could not move "C:\WINDOWS\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
C:\Users\Horst\AppData\Local\nst2B5A.tmp => Moved successfully.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg add "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 14:53:15)<=

"C:\WINDOWS\system32\Drivers\cmwr.sys" => File could not move.
"C:\WINDOWS\system32\Drivers\cmwf.sys" => File could not move.

==== End of Fixlog 14:53:15 ====
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Horst (administrator) on LENOVO-PC on 01-02-2015 14:57:17
Running from C:\Users\Horst\Downloads
Loaded Profiles: Horst (Available profiles: Horst)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-17] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2592821730-2572488457-1247367961-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50860;https=127.0.0.1:50860
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Google Drive) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (Google-Suche) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Google Tabellen) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (Google Wallet) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Google Mail) - C:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-17] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-31] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065728 2013-09-26] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 14:51 - 2015-02-01 14:51 - 00000000 ____D () C:\Users\Horst\Downloads\FRST-OlderVersion
2015-02-01 14:38 - 2015-02-01 14:38 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-01 14:38 - 2015-02-01 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 14:38 - 2015-02-01 14:38 - 00000000 ____D () C:\ProgramData\Avira
2015-02-01 14:38 - 2015-02-01 14:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 14:37 - 2015-02-01 14:38 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5821234446__ws.exe
2015-02-01 14:24 - 2015-02-01 14:24 - 00001192 _____ () C:\Users\Horst\Desktop\Maleware.txt
2015-01-31 20:41 - 2015-01-31 20:41 - 00032062 _____ () C:\Users\Horst\Downloads\FRST1.txt
2015-01-31 19:52 - 2015-01-31 19:52 - 00032057 _____ () C:\Users\Horst\Desktop\FRST.txt
2015-01-31 19:52 - 2015-01-31 19:52 - 00018986 _____ () C:\Users\Horst\Desktop\Addition.txt
2015-01-31 19:51 - 2015-01-31 20:43 - 00024981 _____ () C:\Users\Horst\Downloads\Addition.txt
2015-01-31 19:50 - 2015-02-01 14:57 - 00016484 _____ () C:\Users\Horst\Downloads\FRST.txt
2015-01-31 19:50 - 2015-02-01 14:57 - 00000000 ____D () C:\FRST
2015-01-31 19:48 - 2015-02-01 14:51 - 02131456 _____ (Farbar) C:\Users\Horst\Downloads\FRST64.exe
2015-01-31 19:46 - 2015-02-01 14:33 - 00000000 ____D () C:\OETemp
2015-01-31 19:46 - 2015-01-31 19:46 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws (1).exe
2015-01-31 19:36 - 2015-01-31 19:36 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Horst\Downloads\avira_de_av_5819538469__ws.exe
2015-01-31 19:06 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT (1).exe
2015-01-31 19:06 - 2015-01-31 19:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-31 19:05 - 2015-01-31 19:06 - 01707939 _____ (Thisisu) C:\Users\Horst\Downloads\JRT.exe
2015-01-31 18:51 - 2015-02-01 14:39 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Horst.job
2015-01-31 17:59 - 2015-02-01 14:33 - 00002398 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Horst
2015-01-31 17:59 - 2015-01-31 17:59 - 00001283 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-31 17:59 - 2015-01-31 17:59 - 00001259 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-31 15:52 - 2015-02-01 13:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:52 - 2015-01-31 15:52 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-31 15:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-31 15:40 - 2015-01-31 15:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Horst\Downloads\mbam-setup-majorgeeks-2.0.4.1028.exe
2015-01-31 15:28 - 2015-01-31 15:28 - 00000000 ____D () C:\Users\Horst\AppData\IObit
2015-01-31 15:22 - 2015-01-31 15:22 - 00000925 _____ () C:\Users\Horst\Downloads\Dokumente - Verknüpfung.lnk
2015-01-31 15:22 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-31 14:51 - 2015-01-31 20:14 - 00000000 ____D () C:\AdwCleaner
2015-01-31 14:50 - 2015-01-31 14:51 - 02194432 _____ () C:\Users\Horst\Downloads\AdwCleaner09.exe
2015-01-22 22:50 - 2015-01-31 15:29 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\ProductData
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\ProgramData\IObit
2015-01-22 22:50 - 2015-01-22 22:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-22 22:49 - 2015-01-22 22:50 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\IObit
2015-01-22 22:48 - 2015-01-22 22:49 - 15971616 _____ (IObit) C:\Users\Horst\Downloads\iobit426uninstaller.exe
2015-01-22 20:37 - 2015-01-31 15:43 - 00027648 ___SH () C:\Users\Horst\Downloads\Thumbs.db
2015-01-22 20:37 - 2015-01-22 20:37 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\dlg
2015-01-22 20:24 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-22 20:24 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-15 22:19 - 2015-01-15 22:19 - 00000000 ____D () C:\Users\Horst\AppData\Local\Microsoft Help
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (8).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (7).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (6).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (5).xls
2015-01-15 22:16 - 2015-01-15 22:16 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (4).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe.xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (3).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (2).xls
2015-01-15 22:15 - 2015-01-15 22:15 - 00049152 _____ () C:\Users\Horst\Downloads\kalender-2015-querformat-in-farbe (1).xls
2015-01-13 23:09 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 23:09 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 23:09 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 23:09 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 23:09 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 23:09 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 23:09 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 23:09 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 23:09 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 23:09 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 23:09 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 23:09 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 23:09 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 23:09 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 23:09 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 23:09 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 23:09 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 14:55 - 2014-11-30 19:00 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-Horst Lenovo-PC
2015-02-01 14:55 - 2014-11-30 16:55 - 00000000 __RDO () C:\Users\Horst\OneDrive
2015-02-01 14:53 - 2014-11-30 17:17 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 14:52 - 2014-09-17 02:18 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-01 14:52 - 2014-03-18 10:44 - 00106174 _____ () C:\WINDOWS\PFRO.log
2015-02-01 14:52 - 2013-08-22 15:46 - 00035025 _____ () C:\WINDOWS\setupact.log
2015-02-01 14:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-01 14:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 14:49 - 2014-09-17 01:02 - 01587623 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-01 14:44 - 2014-11-30 16:59 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2592821730-2572488457-1247367961-1001
2015-02-01 14:38 - 2014-09-17 02:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 14:35 - 2014-11-30 17:10 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{72B0F1E4-A2C9-4D61-8158-CC1C6C339BA3}
2015-02-01 14:22 - 2014-11-30 17:17 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 18:42 - 2014-09-17 02:08 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-31 18:03 - 2014-11-30 17:21 - 00001313 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 18:03 - 2014-11-30 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 18:03 - 2014-11-30 16:53 - 00001018 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 15:27 - 2014-12-16 20:41 - 00000000 ____D () C:\Users\Horst\AppData\Roaming\Skype
2015-01-31 15:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-31 14:49 - 2014-11-30 16:52 - 00000000 ____D () C:\Users\Horst\AppData\Local\Pokki
2015-01-30 12:48 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 11:23 - 2014-09-17 10:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-25 11:23 - 2014-09-17 10:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-25 11:23 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 21:20 - 2014-12-18 20:34 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-18 20:34 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 21:16 - 2014-09-17 02:18 - 00009904 _____ () C:\WINDOWS\SysWOW64\VisualDiscovery.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\SysWOW64\VisualDiscoveryOff.ini
2015-01-22 21:16 - 2014-09-17 02:18 - 00004904 _____ () C:\WINDOWS\system32\VisualDiscoveryOff.ini
2015-01-22 20:48 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-01-22 20:14 - 2014-09-17 02:10 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-22 20:12 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-21 20:19 - 2013-08-22 15:44 - 00518456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-21 20:15 - 2014-12-07 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-21 20:08 - 2014-12-07 13:21 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-02 09:46 - 2014-11-30 19:03 - 00002345 _____ () C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

==================== Files in the root of some directories =======

2014-09-17 01:31 - 2014-09-17 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-30 17:54 - 2014-11-30 18:20 - 0001973 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Horst\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Horst\AppData\Local\Temp\oct31FE.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct417.tmp.exe
C:\Users\Horst\AppData\Local\Temp\oct7B2C.tmp.exe
C:\Users\Horst\AppData\Local\Temp\octAE06.tmp.exe
C:\Users\Horst\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Horst\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 18:35

==================== End Of Log ============================
         
--- --- ---

01.02.2015, 15:33   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
This stuff is pretty stubborn. We could first fix the Safe Mode drivers so that you can run the FRST fix in Safe Mode. But that takes some effort, so we'll try something else.

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

01.02.2015, 15:59   #13
Lilly1
 
Code:
15:55:57.0955 0x0990  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:55:57.0955 0x0990  UEFI system
15:56:05.0762 0x0990  ============================================================
15:56:05.0762 0x0990  Current date / time: 2015/02/01 15:56:05.0762
15:56:05.0762 0x0990  SystemInfo:
15:56:05.0762 0x0990  
15:56:05.0762 0x0990  OS Version: 6.3.9600 ServicePack: 0.0
15:56:05.0762 0x0990  Product type: Workstation
15:56:05.0762 0x0990  ComputerName: LENOVO-PC
15:56:05.0762 0x0990  UserName: Horst
15:56:05.0762 0x0990  Windows directory: C:\WINDOWS
15:56:05.0762 0x0990  System windows directory: C:\WINDOWS
15:56:05.0762 0x0990  Running under WOW64
15:56:05.0762 0x0990  Processor architecture: Intel x64
15:56:05.0762 0x0990  Number of processors: 2
15:56:05.0762 0x0990  Page size: 0x1000
15:56:05.0762 0x0990  Boot type: Normal boot
15:56:05.0762 0x0990  ============================================================
15:56:06.0918 0x0990  KLMD registered as C:\WINDOWS\system32\drivers\19355739.sys
15:56:07.0637 0x0990  System UUID: {035966C7-DE16-850E-5415-39B8F005BA18}
15:56:08.0246 0x0990  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:08.0246 0x0990  ============================================================
15:56:08.0246 0x0990  \Device\Harddisk0\DR0:
15:56:08.0246 0x0990  GPT partitions:
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9B6AF15C-FD5F-425A-814D-8074B590B1B9}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B5998B38-37EF-43DD-9AC2-91CF9ED9811E}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {D4AD7BD8-0304-4F58-8975-3987736A9671}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {22E7D1F2-9B72-4B14-80F7-1B58C36527E5}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {ABAD979F-D8D1-4B0C-8D89-B8E64B0F238B}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x6F25E000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {51A8B00D-2C03-4F61-BC90-BBB07FE574BB}, Name: Basic data partition, StartLBA 0x6F708800, BlocksNum 0x3200000
15:56:08.0246 0x0990  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BCD5F7D4-506D-4321-BF2B-D0F44F11DB2C}, Name: Basic data partition, StartLBA 0x72908800, BlocksNum 0x1DFE000
15:56:08.0246 0x0990  MBR partitions:
15:56:08.0246 0x0990  ============================================================
15:56:08.0277 0x0990  C: <-> \Device\Harddisk0\DR0\Partition5
15:56:08.0371 0x0990  D: <-> \Device\Harddisk0\DR0\Partition6
15:56:08.0371 0x0990  ============================================================
15:56:08.0371 0x0990  Initialize success
15:56:08.0371 0x0990  ============================================================
15:57:34.0876 0x051c  ============================================================
15:57:34.0876 0x051c  Scan started
15:57:34.0876 0x051c  Mode: Manual; SigCheck; TDLFS; 
15:57:34.0876 0x051c  ============================================================
15:57:34.0876 0x051c  KSN ping started
15:57:37.0393 0x051c  KSN ping finished: true
15:57:40.0423 0x051c  ================ Scan system memory ========================
15:57:40.0423 0x051c  System memory - ok
15:57:40.0423 0x051c  ================ Scan services =============================
15:57:47.0147 0x051c  [ E108CBCC85FBC63EBEB449E0D45A671B, FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223 ] cmwf            C:\WINDOWS\system32\Drivers\cmwf.sys
15:57:47.0147 0x051c  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\cmwf.sys. md5: E108CBCC85FBC63EBEB449E0D45A671B, sha256: FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223
15:57:47.0147 0x051c  cmwf - detected LockedFile.Multi.Generic ( 1 )
15:57:49.0794 0x051c  Detect skipped due to KSN trusted
15:57:49.0794 0x051c  cmwf - ok
15:57:49.0809 0x051c  CMWFP - ok
15:57:49.0866 0x051c  [ 6AC6FB9CFC2A49FD1FEDDE62D3017B55, EF4A3CF180DF589C30D799E58688F1F53988C13E3EE7BCED05DBE2AA91CE2299 ] cmwr            C:\WINDOWS\system32\Drivers\cmwr.sys
15:57:49.0866 0x051c  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\cmwr.sys. md5: 6AC6FB9CFC2A49FD1FEDDE62D3017B55, sha256: EF4A3CF180DF589C30D799E58688F1F53988C13E3EE7BCED05DBE2AA91CE2299
15:57:49.0866 0x051c  cmwr - detected LockedFile.Multi.Generic ( 1 )
15:57:52.0591 0x051c  Detect skipped due to KSN trusted
15:57:52.0591 0x051c  cmwr - ok
15:57:58.0423 0x051c  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
15:57:58.0470 0x051c  HomeGroupListener - ok
15:57:58.0533 0x051c  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
15:57:58.0720 0x051c  HomeGroupProvider - ok
15:57:58.0752 0x051c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
15:57:58.0783 0x051c  HpSAMD - ok
15:57:58.0814 0x051c  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
15:57:58.0845 0x051c  HTTP - ok
15:57:58.0890 0x051c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
15:57:58.0921 0x051c  hwpolicy - ok
15:57:58.0925 0x051c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
15:57:58.0975 0x051c  hyperkbd - ok
15:57:58.0981 0x051c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
15:57:59.0012 0x051c  HyperVideo - ok
15:57:59.0027 0x051c  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
15:57:59.0058 0x051c  i8042prt - ok
15:57:59.0066 0x051c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
15:57:59.0082 0x051c  iaLPSSi_GPIO - ok
15:57:59.0082 0x051c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
15:57:59.0097 0x051c  iaLPSSi_I2C - ok
15:57:59.0144 0x051c  [ E5A15FEDEBDFB8E12CB94DBF01833775, 9C751A1FD8A5CEC8DD9FE8AE46E86A514C67F07EED04AB23A26A36F400DF8EA4 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
15:57:59.0181 0x051c  iaStorA - ok
15:57:59.0472 0x051c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
15:57:59.0509 0x051c  iaStorAV - ok
15:57:59.0631 0x051c  [ 95BA9605AE793746D8F6AD18E5DA7EFE, 1CFB12E798E268D812EB20EBC85AC1DD1345F073389DEF79986BA45E7BDC701D ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:57:59.0644 0x051c  IAStorDataMgrSvc - ok
15:57:59.0661 0x051c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
15:57:59.0688 0x051c  iaStorV - ok
15:57:59.0697 0x051c  IEEtwCollectorService - ok
15:57:59.0968 0x051c  [ 4EB6ABBF5D78E65A418BA71EF3ACE251, 261586815680E666F61FCE3CCB5D485A1D200C42FF52D451AE31D80740EA5BDB ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
15:58:00.0143 0x051c  igfx - ok
15:58:00.0210 0x051c  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
15:58:00.0254 0x051c  IKEEXT - ok
15:58:00.0301 0x051c  [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
15:58:00.0301 0x051c  intaud_WaveExtensible - ok
15:58:00.0348 0x051c  [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE1062983120E3BD1C4DB ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
15:58:00.0363 0x051c  IntcDAud - ok
15:58:00.0426 0x051c  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:58:00.0551 0x051c  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
15:58:03.0184 0x051c  Detect skipped due to KSN trusted
15:58:03.0184 0x051c  Intel(R) Capability Licensing Service Interface - ok
15:58:10.0950 0x051c  PNRPAutoReg - ok
15:58:10.0966 0x051c  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
15:58:11.0074 0x051c  PNRPsvc - ok
15:58:11.0105 0x051c  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
15:58:11.0193 0x051c  PolicyAgent - ok
15:58:11.0234 0x051c  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
15:58:11.0284 0x051c  Power - ok
15:58:11.0419 0x051c  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
15:58:11.0529 0x051c  PrintNotify - ok
15:58:11.0560 0x051c  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
15:58:11.0576 0x051c  Processor - ok
15:58:11.0607 0x051c  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
15:58:11.0638 0x051c  ProfSvc - ok
15:58:11.0654 0x051c  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
15:58:11.0701 0x051c  Psched - ok
15:58:11.0732 0x051c  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
15:58:11.0779 0x051c  QWAVE - ok
15:58:11.0810 0x051c  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
15:58:11.0841 0x051c  QWAVEdrv - ok
15:58:11.0857 0x051c  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:58:11.0888 0x051c  RasAcd - ok
15:58:11.0919 0x051c  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:58:11.0951 0x051c  RasAuto - ok
15:58:11.0966 0x051c  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:58:12.0013 0x051c  RasMan - ok
15:58:12.0035 0x051c  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:58:12.0043 0x051c  RasPppoe - ok
15:58:12.0089 0x051c  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:58:12.0121 0x051c  rdbss - ok
15:58:12.0136 0x051c  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
15:58:12.0168 0x051c  rdpbus - ok
15:58:12.0183 0x051c  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
15:58:12.0214 0x051c  RDPDR - ok
15:58:12.0246 0x051c  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
15:58:12.0261 0x051c  RdpVideoMiniport - ok
15:58:12.0277 0x051c  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
15:58:12.0293 0x051c  rdyboost - ok
15:58:12.0355 0x051c  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
15:58:12.0402 0x051c  ReFS - ok
15:58:12.0433 0x051c  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:58:12.0464 0x051c  RemoteAccess - ok
15:58:12.0496 0x051c  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:58:12.0527 0x051c  RemoteRegistry - ok
15:58:12.0558 0x051c  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
15:58:12.0574 0x051c  RFCOMM - ok
15:58:12.0683 0x051c  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
15:58:12.0699 0x051c  RichVideo64 - ok
15:58:12.0730 0x051c  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
15:58:12.0761 0x051c  RpcEptMapper - ok
15:58:12.0793 0x051c  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:58:12.0808 0x051c  RpcLocator - ok
15:58:12.0855 0x051c  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:58:12.0902 0x051c  RpcSs - ok
15:58:12.0933 0x051c  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
15:58:12.0949 0x051c  rspndr - ok
15:58:12.0980 0x051c  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
15:58:13.0011 0x051c  s3cap - ok
15:58:13.0043 0x051c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:58:13.0059 0x051c  SamSs - ok
15:58:13.0074 0x051c  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
15:58:13.0105 0x051c  sbp2port - ok
15:58:13.0137 0x051c  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
15:58:13.0168 0x051c  SCardSvr - ok
15:58:13.0184 0x051c  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
15:58:13.0215 0x051c  ScDeviceEnum - ok
15:58:13.0230 0x051c  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
15:58:13.0246 0x051c  scfilter - ok
15:58:13.0309 0x051c  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:58:13.0355 0x051c  Schedule - ok
15:58:13.0402 0x051c  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
15:58:13.0418 0x051c  SCPolicySvc - ok
15:58:13.0449 0x051c  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
15:58:13.0465 0x051c  sdbus - ok
15:58:13.0512 0x051c  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
15:58:13.0527 0x051c  sdstor - ok
15:58:13.0559 0x051c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
15:58:13.0574 0x051c  secdrv - ok
15:58:13.0621 0x051c  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
15:58:13.0652 0x051c  seclogon - ok
15:58:13.0668 0x051c  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
15:58:13.0699 0x051c  SENS - ok
15:58:13.0715 0x051c  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
15:58:13.0746 0x051c  SensrSvc - ok
15:58:13.0777 0x051c  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
15:58:13.0809 0x051c  SerCx - ok
15:58:13.0840 0x051c  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
15:58:13.0855 0x051c  SerCx2 - ok
15:58:13.0871 0x051c  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
15:58:13.0902 0x051c  Serenum - ok
15:58:13.0902 0x051c  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
15:58:13.0934 0x051c  Serial - ok
15:58:13.0934 0x051c  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
15:58:13.0949 0x051c  sermouse - ok
15:58:13.0996 0x051c  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
15:58:14.0027 0x051c  SessionEnv - ok
15:58:14.0027 0x051c  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
15:58:14.0043 0x051c  sfloppy - ok
15:58:14.0105 0x051c  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:58:14.0137 0x051c  SharedAccess - ok
15:58:14.0184 0x051c  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:58:14.0230 0x051c  ShellHWDetection - ok
15:58:14.0246 0x051c  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
15:58:14.0262 0x051c  SiSRaid2 - ok
15:58:14.0293 0x051c  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
15:58:14.0309 0x051c  SiSRaid4 - ok
15:58:14.0355 0x051c  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:58:14.0387 0x051c  SkypeUpdate - ok
15:58:14.0418 0x051c  [ 2458D9FA17F51A458463CF0A4D3FC238, 9CB160C391C24229FF068A56E6B0AD7869FBDAF254B9B30497FAE3443AC19FC3 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
15:58:14.0434 0x051c  SmbDrvI - ok
15:58:14.0465 0x051c  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
15:58:14.0496 0x051c  smphost - ok
15:58:14.0512 0x051c  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
15:58:14.0543 0x051c  SNMPTRAP - ok
15:58:14.0590 0x051c  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
15:58:14.0605 0x051c  spaceport - ok
15:58:14.0621 0x051c  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
15:58:14.0637 0x051c  SpbCx - ok
15:58:14.0715 0x051c  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
15:58:14.0746 0x051c  Spooler - ok
15:58:14.0977 0x051c  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
15:58:15.0173 0x051c  sppsvc - ok
15:58:15.0226 0x051c  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:58:15.0273 0x051c  srv - ok
15:58:15.0304 0x051c  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
15:58:15.0351 0x051c  srv2 - ok
15:58:15.0382 0x051c  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
15:58:15.0413 0x051c  srvnet - ok
15:58:15.0460 0x051c  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:58:15.0507 0x051c  SSDPSRV - ok
15:58:15.0507 0x051c  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
15:58:15.0538 0x051c  SstpSvc - ok
15:58:15.0663 0x051c  [ 9F32B689FFC8F454D6086FC125001F84, C000811E9032F2607ECE62632921E71B92A4FF832856D59E74D95089699D8447 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
15:58:15.0679 0x051c  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
15:58:18.0288 0x051c  Detect skipped due to KSN trusted
15:58:18.0288 0x051c  STacSV - ok
15:58:23.0456 0x051c  wbengine - ok
15:58:23.0503 0x051c  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
15:58:23.0550 0x051c  WbioSrvc - ok
15:58:23.0566 0x051c  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
15:58:23.0613 0x051c  Wcmsvc - ok
15:58:23.0628 0x051c  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
15:58:23.0660 0x051c  wcncsvc - ok
15:58:23.0675 0x051c  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
15:58:23.0706 0x051c  WcsPlugInService - ok
15:58:23.0722 0x051c  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
15:58:23.0738 0x051c  WdBoot - ok
15:58:23.0785 0x051c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
15:58:23.0816 0x051c  Wdf01000 - ok
15:58:23.0847 0x051c  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
15:58:23.0863 0x051c  WdFilter - ok
15:58:23.0878 0x051c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
15:58:23.0941 0x051c  WdiServiceHost - ok
15:58:23.0941 0x051c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
15:58:23.0972 0x051c  WdiSystemHost - ok
15:58:24.0003 0x051c  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
15:58:24.0019 0x051c  WdNisDrv - ok
15:58:24.0066 0x051c  WdNisSvc - ok
15:58:24.0097 0x051c  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:58:24.0113 0x051c  WebClient - ok
15:58:24.0144 0x051c  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
15:58:24.0191 0x051c  Wecsvc - ok
15:58:24.0206 0x051c  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
15:58:24.0238 0x051c  WEPHOSTSVC - ok
15:58:24.0269 0x051c  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
15:58:24.0316 0x051c  wercplsupport - ok
15:58:24.0331 0x051c  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
15:58:24.0394 0x051c  WerSvc - ok
15:58:24.0410 0x051c  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
15:58:24.0425 0x051c  WFPLWFS - ok
15:58:24.0441 0x051c  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
15:58:24.0472 0x051c  WiaRpc - ok
15:58:24.0488 0x051c  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
15:58:24.0503 0x051c  WIMMount - ok
15:58:24.0519 0x051c  WinDefend - ok
15:58:24.0581 0x051c  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
15:58:24.0628 0x051c  WinHttpAutoProxySvc - ok
15:58:24.0675 0x051c  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:58:24.0738 0x051c  Winmgmt - ok
15:58:24.0878 0x051c  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
15:58:24.0972 0x051c  WinRM - ok
15:58:25.0035 0x051c  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
15:58:25.0113 0x051c  WlanSvc - ok
15:58:25.0195 0x051c  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
15:58:25.0270 0x051c  wlidsvc - ok
15:58:25.0307 0x051c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
15:58:25.0356 0x051c  WmiAcpi - ok
15:58:25.0393 0x051c  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
15:58:25.0423 0x051c  wmiApSrv - ok
15:58:25.0433 0x051c  WMPNetworkSvc - ok
15:58:25.0465 0x051c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
15:58:25.0480 0x051c  Wof - ok
15:58:25.0543 0x051c  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
15:58:25.0621 0x051c  workfolderssvc - ok
15:58:25.0652 0x051c  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
15:58:25.0668 0x051c  wpcfltr - ok
15:58:25.0683 0x051c  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
15:58:25.0699 0x051c  WPCSvc - ok
15:58:25.0746 0x051c  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
15:58:25.0777 0x051c  WPDBusEnum - ok
15:58:25.0808 0x051c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
15:58:25.0824 0x051c  WpdUpFltr - ok
15:58:25.0824 0x051c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:58:25.0871 0x051c  ws2ifsl - ok
15:58:25.0902 0x051c  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
15:58:25.0933 0x051c  wscsvc - ok
15:58:25.0933 0x051c  WSearch - ok
15:58:26.0074 0x051c  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
15:58:26.0183 0x051c  WSService - ok
15:58:26.0215 0x051c  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
15:58:26.0215 0x051c  wsvd - ok
15:58:26.0340 0x051c  [ D24002EB2F4A8A04897703067E81CC5D, 03806198D26DD7BA3E27EFE0911B49E5B48CAD8A05EC4F56AF45CF1E3FAD6916 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
15:58:26.0433 0x051c  wuauserv - ok
15:58:26.0465 0x051c  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
15:58:26.0480 0x051c  WudfPf - ok
15:58:26.0496 0x051c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
15:58:26.0527 0x051c  WUDFRd - ok
15:58:26.0543 0x051c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:58:26.0558 0x051c  WUDFSensorLP - ok
15:58:26.0590 0x051c  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
15:58:26.0605 0x051c  wudfsvc - ok
15:58:26.0621 0x051c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:58:26.0637 0x051c  WUDFWpdFs - ok
15:58:26.0683 0x051c  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
15:58:26.0762 0x051c  WwanSvc - ok
15:58:26.0793 0x051c  ================ Scan global ===============================
15:58:26.0840 0x051c  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
15:58:26.0869 0x051c  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
15:58:26.0904 0x051c  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
15:58:26.0935 0x051c  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
15:58:26.0951 0x051c  [ Global ] - ok
15:58:26.0951 0x051c  ================ Scan MBR ==================================
15:58:26.0967 0x051c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:58:27.0029 0x051c  \Device\Harddisk0\DR0 - ok
15:58:27.0029 0x051c  ================ Scan VBR ==================================
15:58:27.0060 0x051c  [ A76601D08E2166C37DD6D88205BC9F5F ] \Device\Harddisk0\DR0\Partition1
15:58:27.0123 0x051c  \Device\Harddisk0\DR0\Partition1 - ok
15:58:27.0139 0x051c  [ 0C1E8AF72A1368FEC6550A965C24F5AB ] \Device\Harddisk0\DR0\Partition2
15:58:27.0201 0x051c  \Device\Harddisk0\DR0\Partition2 - ok
15:58:27.0217 0x051c  [ EB584D40AF11A23AD1A71057AEC3CF2D ] \Device\Harddisk0\DR0\Partition3
15:58:27.0264 0x051c  \Device\Harddisk0\DR0\Partition3 - ok
15:58:27.0279 0x051c  [ 224B421F68647F69CE3E345274812FCE ] \Device\Harddisk0\DR0\Partition4
15:58:27.0279 0x051c  \Device\Harddisk0\DR0\Partition4 - ok
15:58:27.0295 0x051c  [ 03C2AF8CDBC8365BC5F24708B048F081 ] \Device\Harddisk0\DR0\Partition5
15:58:27.0373 0x051c  \Device\Harddisk0\DR0\Partition5 - ok
15:58:27.0389 0x051c  [ 9D50EB0A8DFCECB3BFCD88D17B3F1BBA ] \Device\Harddisk0\DR0\Partition6
15:58:27.0404 0x051c  \Device\Harddisk0\DR0\Partition6 - ok
15:58:27.0420 0x051c  [ B323AA0E361BFB0F764C34E6F87E5A4C ] \Device\Harddisk0\DR0\Partition7
15:58:27.0435 0x051c  \Device\Harddisk0\DR0\Partition7 - ok
15:58:27.0435 0x051c  ================ Scan generic autorun ======================
15:58:27.0482 0x051c  [ 0EAE939B0D0FAB8E92070E9EBD4796FD, BD45E996A936DCF587D18C2FAEDD860F06D0890C845B25F1C35168E03607486F ] C:\WINDOWS\system32\igfxtray.exe
15:58:27.0514 0x051c  IgfxTray - ok
15:58:27.0545 0x051c  [ 141E537EB589E94701D8E352A1963ED3, 482CA7336712755851504FD1F895D701293E92D7F834BF77F0DA7FFCFCEE0154 ] C:\WINDOWS\system32\hkcmd.exe
15:58:27.0576 0x051c  HotKeysCmds - ok
15:58:27.0592 0x051c  [ 5A4FE3D8D6A23254554F5A239F903F71, 8734352A94255268E1436EEF01AB87CCA1529DC009074181BFF3161B8E08AF9A ] C:\WINDOWS\system32\igfxpers.exe
15:58:27.0623 0x051c  Persistence - ok
15:58:27.0701 0x051c  [ 37F0C08BFCEDF218A43C84B2447AACB1, 895C1EAF1BC4C7CB4AA803D19A422E8CC59FDC07FAC1A78E5FCC03C31D4AFB84 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
15:58:27.0717 0x051c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
15:58:30.0551 0x0a50  Object required for P2P: [ 3D748E5558FD9A9F03182CB2330698DC ] TermService
15:58:30.0583 0x051c  Detect skipped due to KSN trusted
15:58:30.0583 0x051c  IAStorIcon - ok
15:58:30.0708 0x051c  [ 0B27419E1FF4F326D07FF1D6EBAD20E8, FF3DD255B99676B4AC0EE1F32BBBF9B601392F37A54B62EB704F0060248F7D35 ] C:\Program Files\IDT\WDM\sttray64.exe
15:58:30.0770 0x051c  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
15:58:34.0529 0x051c  Detect skipped due to KSN trusted
15:58:34.0529 0x051c  SysTrayApp - ok
15:58:34.0529 0x051c  SynTPEnh - ok
15:58:34.0966 0x051c  [ 8AFBDD458A6CBBC5654D959C03C2A87A, D27889AEA72F316A2FBAF06AAF3D94B823875D6108E12CAF7B76B3293C22D1CD ] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
15:58:35.0486 0x051c  Energy Manager - ok
15:58:35.0518 0x051c  [ F0627CE818DA58BAE771DCD4669FA343, 070CE17C9DAC01CC5AE465DFA3FDD8A44ABF97AC8101ED238C96668027B6F10B ] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
15:58:35.0533 0x051c  Lenovo Utility - ok
15:58:35.0565 0x051c  [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
15:58:35.0611 0x051c  331BigDog - ok
15:58:35.0658 0x0a50  Object send P2P result: true
15:58:35.0674 0x051c  [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
15:58:35.0690 0x051c  UpdateP2GShortCut - ok
15:58:35.0971 0x051c  [ 07AF92553C94A548C38BE54B6A668318, C43269A6F2B7F95290D4ABF9EFDA8E2631408671A7A6E01A06DD90E503467C36 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:58:36.0121 0x051c  AvastUI.exe - ok
15:58:36.0137 0x051c  Skype - ok
15:58:36.0139 0x051c  Waiting for KSN requests completion. In queue: 5
15:58:37.0155 0x051c  Waiting for KSN requests completion. In queue: 5
15:58:38.0164 0x051c  Waiting for KSN requests completion. In queue: 5
15:58:39.0278 0x051c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
15:58:39.0295 0x051c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
15:58:39.0332 0x051c  Win FW state via NFP2: enabled
15:58:41.0875 0x051c  ============================================================
15:58:41.0875 0x051c  Scan finished
15:58:41.0875 0x051c  ============================================================
15:58:41.0883 0x0580  Detected object count: 0
15:58:41.0883 0x0580  Actual detected object count: 0
         

01.02.2015, 16:46   #14
deeprybka
/// TB Trainer
/// Guide Guru


Too bad... the idea was to kill that stuff with the tool. ComboFix doesn't work because of Win8...

Quote:
15:57:47.0147 0x051c [ E108CBCC85FBC63EBEB449E0D45A671B, FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223 ] cmwf C:\WINDOWS\system32\Drivers\cmwf.sys
15:57:47.0147 0x051c Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\cmwf.sys. md5: E108CBCC85FBC63EBEB449E0D45A671B, sha256: FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223
15:57:47.0147 0x051c cmwf - detected LockedFile.Multi.Generic ( 1 )
15:57:49.0794 0x051c Detect skipped due to KSN trusted
15:57:49.0794 0x051c cmwf - ok
15:57:49.0809 0x051c CMWFP - ok
That's the one, by the way, just annoying - not malicious.

https://www.virustotal.com/de/file/f...2223/analysis/

OK, then like this:

Step 1
  • Please download Blitzblank to your desktop: Download
  • Start the tool and click on "Script" [1]
  • Copy the following script and paste it into the script window: [2]
    Code:
    ATTFilter
    DisableDriver: 
    	cmwr.sys
    	cmwf.sys
             
  • Then click on "Jetzt ausführen" ("Run now") [3]



After a reboot, please post a fresh FRST log.
__________________
Regards
deeprybka

Last edited by deeprybka (01.02.2015 at 17:28)
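
The log excerpt quoted in post #14 shows an object flagged as "detected" and then cleared by "Detect skipped due to KSN trusted"; in this log such entries end as "- ok" and the scan closes with "Detected object count: 0". The following is an added example, not part of the thread or of any tool mentioned in it: a small Python parser that pulls those suppressed detections out of a TDSSKiller log. The line patterns are inferred only from the log lines posted in this thread, and the names `triage` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines taken from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:57:47.0147 0x051c [ E108CBCC85FBC63EBEB449E0D45A671B, FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223 ] cmwf C:\WINDOWS\system32\Drivers\cmwf.sys
15:57:47.0147 0x051c Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\cmwf.sys. md5: E108CBCC85FBC63EBEB449E0D45A671B, sha256: FB95AF18318BF6A431908D9F927D0C6A41C8843FA58785BA280391B4F5762223
15:57:47.0147 0x051c cmwf - detected LockedFile.Multi.Generic ( 1 )
15:57:49.0794 0x051c Detect skipped due to KSN trusted
15:57:49.0794 0x051c cmwf - ok
15:57:49.0809 0x051c CMWFP - ok
15:58:22.0687 0x051c  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
15:58:22.0703 0x051c  volmgr - ok
15:58:27.0701 0x051c  [ 37F0C08BFCEDF218A43C84B2447AACB1, 895C1EAF1BC4C7CB4AA803D19A422E8CC59FDC07FAC1A78E5FCC03C31D4AFB84 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
15:58:27.0717 0x051c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
15:58:30.0551 0x0a50  Object required for P2P: [ 3D748E5558FD9A9F03182CB2330698DC ] TermService
15:58:30.0583 0x051c  Detect skipped due to KSN trusted
15:58:30.0583 0x051c  IAStorIcon - ok
"""

# Patterns inferred from the lines above (an assumption, not a documented format).
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+(0x[0-9a-fA-F]+)\s+(.*)$")
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]+)(?:,\s*([0-9A-Fa-f]+))?\s*\]\s+(.*)$")
PATH = re.compile(r"(?:[A-Za-z]:\\|\\Device\\).*$")
SUSPICIOUS = re.compile(r"^Suspicious file \(\s*(.+?)\s*\):")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\s*\d+\s*\)$")
OK = re.compile(r"^(.+?) - ok$")
SKIPPED = "Detect skipped due to KSN trusted"

@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    reason: Optional[str] = None
    skipped_as_trusted: bool = False

def triage(log_text):
    """Return every object the log marks 'detected', noting later suppression."""
    findings = []
    state = {}  # per scanner thread id, because threads interleave their lines
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, msg = m.group(1), m.group(2).strip()
        st = state.setdefault(tid, {"obj": None, "reason": None, "open": None})
        if (h := HASHED.match(msg)):          # "[ md5, sha256 ] [name] path"
            p = PATH.search(h.group(3))
            st.update(obj=(h.group(1), h.group(2), p.group(0) if p else None),
                      reason=None, open=None)
        elif (s := SUSPICIOUS.match(msg)):    # e.g. "( NoAccess )"
            st["reason"] = s.group(1)
        elif (d := DETECTED.match(msg)):
            md5, sha256, path = st["obj"] or (None, None, None)
            st["open"] = Finding(d.group(1), d.group(2), path, md5, sha256, st["reason"])
            findings.append(st["open"])
        elif msg == SKIPPED and st["open"]:   # applies to this thread's last detection
            st["open"].skipped_as_trusted = True
        elif OK.match(msg):                   # object closed; reset thread state
            st.update(obj=None, reason=None, open=None)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
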

01.02.2015, 16:53   #15
Lilly1




Syntaxfehler in Zeile 5 (syntax error in line 5)
ungültiger Dateipfad (invalid file path)

This error message now appears.
Sorry that I am causing so much work.
