Pests of all kinds and how to fight them: Windows will be shut down in one minute (Windows 7) |
17.03.2015, 00:15 | #1 |
| Windows will be shut down in one minute Hello everyone, yesterday I got the message for the first time that my Windows would be shut down in one minute. However, that did not happen, and I dismissed it as an error for the time being. Today I got the message again, but once more without any consequence. My thought, of course, is that it could be a virus or a trojan. I use the 64-bit version of Windows 7. Thanks and regards |
17.03.2015, 06:41 | #2 |
/// the machine /// TB-Ausbilder | Windows will be shut down in one minute hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
17.03.2015, 10:31 | #3 |
| Windows will be shut down in one minute Hello, here is the FRST:
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by T410 (administrator) on T410-PC on 17-03-2015 10:22:49 Running from C:\Users\T410\Downloads Loaded Profiles: T410 (Available profiles: T410) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Beratungstechnologie) C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Oracle Corporation) C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\oracle.exe () C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Oracle Corporation) C:\Program Files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384296 2013-08-21] (Lenovo.) 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1167360 2009-08-03] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-25] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-09] (Memeo Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-4019914278-3383403226-850106173-1000\...\Run: [Amazon Music] => C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] () Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BasisAutostart.lnk ShortcutTarget: BasisAutostart.lnk -> C:\Programme\Nuernberger\Basis\bin\BasisAutostart.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
SearchScopes: HKU\S-1-5-21-4019914278-3383403226-850106173-1000 -> {76DB03E3-82E0-453E-8523-ADF5ED0A5824} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default FF SelectedSearchEngine: Search By ZoneAlarm FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-06] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-06] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\user.js [2015-02-11] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\searchplugins\avira-safesearch.xml [2015-02-27] FF SearchPlugin: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\searchplugins\zonealarm.xml [2015-02-11] FF Extension: Avira Browser Safety - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\abs@avira.com [2015-03-09] FF Extension: Avira SafeSearch - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\safesearch@avira.com [2015-02-27] FF Extension: Adblock Plus - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-25] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed] R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.) 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 OracleJobSchedulerBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed] S3 OracleMTSRecoveryService; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed] R2 OracleServiceBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed] S3 OracleXEClrAgent; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed] R2 OracleXETNSListener; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] () [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-10-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.) U2 OracleOraHomeXEBASISSTNSListener; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-17 10:22 - 2015-03-17 10:23 - 00023455 _____ () C:\Users\T410\Downloads\FRST.txt 2015-03-17 10:22 - 2015-03-17 10:22 - 00000000 ____D () C:\FRST 2015-03-17 10:21 - 2015-03-17 10:21 - 02095616 _____ (Farbar) C:\Users\T410\Downloads\FRST64.exe 2015-03-17 01:13 - 2015-03-17 10:18 - 00000112 _____ () C:\Windows\setupact.log 2015-03-17 01:13 - 2015-03-17 01:13 - 00000652 _____ () C:\Windows\PFRO.log 2015-03-17 01:13 - 2015-03-17 01:13 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-17 01:10 - 2015-03-17 01:10 - 00060466 _____ () C:\Users\T410\Desktop\AVSCAN-20150317-010618-E1FD7FCC.LOG 2015-03-17 01:05 - 2015-03-17 01:05 - 00060394 _____ () C:\Users\T410\Desktop\AVSCAN-20150317-003331-B17390CF.LOG 2015-03-16 23:32 - 2015-03-17 10:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-16 23:32 - 2015-03-16 23:32 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-16 23:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-16 23:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-16 23:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-16 11:57 - 2015-03-16 11:57 - 00000000 _____ () C:\Users\T410\Sti_Trace.log 2015-03-15 22:30 - 2015-03-15 22:30 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner 2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 _____ () C:\Users\T410\Desktop\chudy rs provisio.txt 2015-03-13 22:47 - 2015-03-13 22:47 - 00000046 _____ () C:\Users\T410\Desktop\kdg 1 
&1.txt 2015-03-10 23:33 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 23:33 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 23:33 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 23:33 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 23:33 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 23:33 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 23:33 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 23:33 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 23:33 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 23:33 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 
01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 23:33 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) 
C:\Windows\system32\dxmasf.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 23:33 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptsp.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 23:33 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 23:33 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 23:33 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 23:33 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 23:33 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-10 23:33 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-10 23:33 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\crypt32.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-10 
23:33 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-10 23:33 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-10 23:33 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-10 23:33 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-10 23:33 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-10 23:33 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-10 23:33 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-10 23:33 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 23:33 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 23:33 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 23:33 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 23:33 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 23:33 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 23:33 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 23:32 - 
2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 23:32 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 23:32 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 23:32 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 23:32 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 23:32 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 23:32 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 23:32 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 
00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-10 23:32 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-10 23:32 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-10 23:32 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-10 23:32 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-10 23:32 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-10 23:32 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 23:32 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 23:32 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-10 23:32 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 23:32 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-10 23:32 - 2015-02-21 01:27 - 00418304 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-10 23:32 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-10 23:32 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-10 23:32 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 23:32 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-10 23:32 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 23:32 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 23:32 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 23:32 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 23:32 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 23:32 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 23:32 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 23:32 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 23:32 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 23:32 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 23:32 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 23:32 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 23:32 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 23:32 - 2015-02-20 03:32 - 06035456 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 23:32 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 23:32 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 23:32 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 23:32 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 23:32 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-10 23:32 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-10 23:32 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 23:32 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-10 23:32 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-10 23:32 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-10 23:32 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-10 23:32 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-10 23:32 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-10 23:32 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 23:32 - 2015-02-20 02:49 - 00718848 _____ 
(Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 23:32 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 23:32 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 23:32 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 23:32 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-10 23:32 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-10 23:32 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-10 23:32 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 23:32 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-10 23:32 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-10 23:32 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-10 23:32 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 23:32 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 23:32 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-10 23:32 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-10 23:32 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-10 23:32 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 23:32 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-10 23:32 - 2015-01-31 00:56 - 00459336 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 23:32 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 23:32 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-10 23:31 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 23:31 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-09 22:44 - 2015-03-11 13:56 - 00000000 ___HD () C:\_Memeo 2015-03-09 22:44 - 2015-03-09 22:44 - 00000000 ____D () C:\ProgramData\MemeoCommon 2015-03-09 22:29 - 2015-03-09 22:29 - 00001118 _____ () C:\Users\T410\Desktop\Amazon Music.lnk 2015-03-09 21:15 - 2015-03-09 21:15 - 00001151 _____ () C:\Users\Public\Desktop\Memeo AutoSync.lnk 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Memeo 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\Program Files (x86)\Memeo 2015-03-07 17:19 - 2015-03-07 17:19 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2015-03-06 20:19 - 2015-03-06 20:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-06 20:17 - 2015-03-06 20:17 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Avira 2015-03-06 20:16 - 2015-02-25 17:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-06 20:16 - 2015-02-25 17:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-06 20:16 - 2015-02-25 17:53 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-06 20:13 - 2015-03-06 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-06 20:13 - 2015-03-06 20:16 - 00000000 ____D () C:\ProgramData\Avira 2015-03-06 19:35 - 2015-03-06 19:35 - 00002213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2015-03-06 19:35 - 2015-03-06 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015 2015-03-06 19:35 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2015-03-06 19:35 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2015-03-06 19:35 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2015-03-06 19:33 - 2015-03-06 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-03-06 19:32 - 2015-03-06 19:33 - 00000000 ____D () C:\Users\T410\AppData\Local\AvgSetupLog 2015-03-06 13:12 - 2015-03-06 13:12 - 00000000 ____D () C:\Users\T410\AppData\Local\Macromedia 2015-03-06 13:11 - 2015-03-06 13:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-06 13:11 - 2015-03-06 13:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-06 13:11 - 2015-03-06 13:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-03-06 13:11 - 2015-03-06 13:11 - 00000000 ____D () C:\Windows\system32\Macromed 2015-03-06 11:40 - 2015-03-06 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-04 09:15 - 2015-03-04 09:15 - 00001077 _____ () C:\Users\Public\Desktop\NÜRNBERGER BTnet 01.2015.lnk 2015-03-04 09:15 - 2015-03-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTnet 01.2015 2015-02-25 13:42 - 2015-02-25 13:42 - 00000000 ____D () C:\Users\Stephan 2015-02-25 13:36 - 2015-02-25 13:44 - 00012694 _____ () 
C:\Windows\BASIS_Server.pdv 2015-02-25 13:36 - 2015-02-25 13:36 - 00001591 _____ () C:\Users\Public\Desktop\BASIS.lnk 2015-02-25 13:36 - 2015-02-25 13:36 - 00000059 _____ () C:\Windows\BASIS_VB_Client.pdv 2015-02-25 13:36 - 2015-02-25 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BASIS 2015-02-25 13:36 - 2015-02-25 13:36 - 00000000 ____D () C:\Program Files\JavaSoft 2015-02-25 13:36 - 2015-02-12 15:25 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-02-25 13:36 - 2015-02-12 15:25 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-02-25 13:36 - 2015-02-12 15:25 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-02-25 13:36 - 2001-08-27 16:41 - 00007568 _____ (pdv) C:\Windows\SysWOW64\Sysres16.exe 2015-02-25 13:36 - 2001-05-23 14:13 - 00221184 _____ () C:\Windows\SysWOW64\MSWLESS.oca 2015-02-25 13:36 - 2001-05-16 09:53 - 00022016 _____ () C:\Windows\SysWOW64\MSWINSCK.oca 2015-02-25 13:36 - 2001-03-19 21:42 - 00017920 _____ () C:\Windows\SysWOW64\sqaote32.oca 2015-02-25 13:36 - 2000-10-19 18:07 - 01101312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2015-02-25 13:36 - 2000-08-29 00:00 - 00516173 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcp60d.dll 2015-02-25 13:36 - 2000-07-15 00:00 - 00929844 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42d.dll 2015-02-25 13:36 - 2000-07-15 00:00 - 00798773 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfco42d.dll 2015-02-25 13:36 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx 2015-02-25 13:36 - 2000-05-22 01:00 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx 2015-02-25 13:36 - 2000-05-22 01:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswinsck.ocx 2015-02-25 13:36 - 2000-03-22 23:02 - 00074000 _____ (Rational Software) C:\Windows\SysWOW64\sqaote32.ocx 2015-02-25 13:36 - 1999-12-10 14:00 - 00537360 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll 2015-02-25 13:36 - 1999-12-10 14:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrnde.dll 2015-02-25 13:36 - 1999-05-07 13:24 - 00645616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx 2015-02-25 13:36 - 1999-05-07 00:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx 2015-02-25 13:36 - 1999-03-23 01:00 - 00401484 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcrtd.dll 2015-02-25 13:36 - 1999-02-23 02:25 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GAPI32.DLL 2015-02-25 13:36 - 1998-06-24 19:56 - 00386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswless.ocx 2015-02-25 13:36 - 1995-08-15 01:00 - 00935632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40016.dll 2015-02-25 13:36 - 1995-08-15 01:00 - 00536048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oc25.dll 2015-02-25 13:35 - 2015-02-25 13:35 - 00024406 _____ () C:\log.LOG 2015-02-25 13:28 - 2015-03-06 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 10g Express Edition 2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio .NET 2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\OraHomeXEBASIS 2015-02-25 13:26 - 2015-02-25 13:26 - 00000000 ____D () C:\Program Files\Nuernberger 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files\iTunes 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files\iPod 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-23 18:24 - 2015-02-23 18:24 - 00000000 ____D () C:\Program Files (x86)\Nuernberger 2015-02-22 21:45 - 2015-02-22 21:45 - 00002425 _____ () C:\Users\Public\Desktop\NÜRNBERGER BTplus 01.2015.lnk 2015-02-22 21:44 - 2015-02-22 21:45 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTplus 01.2015 2015-02-20 17:14 - 2015-03-16 12:04 - 00000000 ____D () C:\Users\T410\Desktop\Aktenablage 2015-02-18 11:41 - 2015-02-18 11:41 - 00000000 ___SD () C:\Users\T410\Documents\Eigene Datenquellen 2015-02-16 14:28 - 2015-02-16 14:28 - 00003172 _____ () C:\Windows\System32\Tasks\hcdll2_ex_Win32 2015-02-16 14:28 - 2015-02-16 14:28 - 00003168 _____ () C:\Windows\System32\Tasks\hcdll2_ex_x64 2015-02-16 14:28 - 2015-02-16 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck 2015-02-16 14:28 - 2015-02-16 14:28 - 00000000 ____D () C:\Program Files (x86)\Hardcopy 2015-02-16 14:27 - 2012-07-12 06:18 - 01707520 _____ (www.sw4you.de Siegfried Weckmann) C:\Windows\SwSetupu.exe 2015-02-16 14:23 - 2015-02-16 14:23 - 00000000 ___RD () C:\Users\T410\AppData\Roaming\Brother 2015-02-16 14:05 - 2015-02-19 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-02-16 14:05 - 2015-02-16 14:05 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-02-16 14:05 - 2015-02-16 14:05 - 00000000 ____D () C:\Users\T410\AppData\Roaming\pdfforge 2015-02-16 14:05 - 2015-02-16 14:05 - 00000000 ____D () C:\Users\T410\AppData\Local\pdfforge 2015-02-16 14:05 - 2015-02-16 14:05 - 00000000 ____D () C:\Users\T410\AppData\Local\PDFCreator 2015-02-16 14:05 - 2015-02-16 14:05 - 00000000 ____D () C:\Program Files\PDFCreator 2015-02-16 13:11 - 2015-02-16 13:11 - 00003704 _____ () C:\Windows\System32\Tasks\Java Platform SE Auto Updater 2015-02-15 22:19 - 2015-02-15 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-02-15 22:18 - 2015-02-15 22:18 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2015-02-15 14:46 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-02-15 14:46 - 2014-08-30 03:10 - 06583296 _____ (Microsoft 
Corporation) C:\Windows\system32\mstscax.dll
2015-02-15 14:46 - 2014-08-30 02:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 10:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 01:17 - 2013-11-09 12:20 - 01284012 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 01:17 - 2009-07-14 05:45 - 00023104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 01:17 - 2009-07-14 05:45 - 00023104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 01:15 - 2015-02-11 21:07 - 00000000 ____D () C:\Users\T410\Outlook
2015-03-16 23:30 - 2015-02-11 22:50 - 00000000 ____D () C:\Users\T410\NBG_Kunden
2015-03-16 17:55 - 2011-04-12 08:26 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 17:55 - 2011-04-12 08:26 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 17:55 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 11:57 - 2013-11-09 12:49 - 00000000 ____D () C:\Users\T410
2015-03-16 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-15 22:10 - 2015-02-11 22:58 - 00000000 ____D () C:\Users\T410\Verkaufsunterstützung
2015-03-15 22:10 - 2015-02-11 22:51 - 00000000 ____D () C:\Users\T410\others
2015-03-15 21:56 - 2015-02-11 22:54 - 00000000 ____D () C:\Users\T410\Privat
2015-03-15 13:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-15 13:16 - 2015-02-11 23:01 - 00000000 ____D () C:\Users\T410\Aktionen
2015-03-15 12:58 - 2015-02-11 23:17 - 00000000 ____D () C:\Users\T410\AppData\Roaming\vlc
2015-03-15 12:19 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Vorgänge
2015-03-15 12:02 - 2015-02-12 15:35 - 00067072 ___SH () C:\Users\T410\Thumbs.db
2015-03-15 11:57 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Agentur
2015-03-14 22:43 - 2015-02-12 10:20 - 00099840 _____ () C:\Users\T410\Antragsstatistik 2015.xls
2015-03-14 21:59 - 2015-02-12 10:20 - 00157696 _____ () C:\Users\T410\Antragsstatistik 2014.xls
2015-03-11 14:56 - 2015-02-11 20:18 - 00000000 ____D () C:\ProgramData\AVG
2015-03-11 13:55 - 2015-02-12 10:22 - 00000000 ____D () C:\Users\T410\Desktop\CLEFFMANN
2015-03-11 13:07 - 2015-02-12 12:45 - 00000336 _____ () C:\Windows\BRCALIB.INI
2015-03-11 12:53 - 2009-07-14 05:45 - 00414016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 23:46 - 2015-02-11 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 23:43 - 2013-11-09 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 23:42 - 2013-11-09 18:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 19:40 - 2015-02-11 22:57 - 00000000 ____D () C:\Users\T410\Schäden
2015-03-09 13:33 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\BT-NET Angebote
2015-03-07 23:26 - 2015-02-11 22:48 - 00000000 ____D () C:\Users\T410\Kunden
2015-03-06 20:16 - 2015-02-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-06 20:13 - 2015-02-11 20:04 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 19:33 - 2015-02-11 20:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-06 19:08 - 2015-02-11 20:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 15:43 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\Anschreiben Tobi
2015-03-06 13:12 - 2015-02-11 23:17 - 00000000 ____D () C:\Users\T410\AppData\Local\Adobe
2015-03-06 12:45 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\Analysebögen
2015-03-06 11:45 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Word
2015-03-05 12:34 - 2015-02-11 22:48 - 00000000 ____D () C:\Users\T410\Femdkündigungen
2015-03-04 16:16 - 2015-02-11 22:50 - 00000000 ____D () C:\Users\T410\Kundeninfo NÜRNBERGER
2015-02-26 17:32 - 2013-11-09 12:50 - 00000000 ____D () C:\Users\T410\AppData\Local\VirtualStore
2015-02-25 13:38 - 2013-11-09 12:56 - 00109680 _____ () C:\Users\T410\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-25 13:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-25 13:29 - 2013-11-09 18:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-23 18:33 - 2015-02-12 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 18:33 - 2015-02-12 10:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 15:33 - 2015-02-12 15:13 - 00000000 ____D () C:\ProgramData\firebird
2015-02-22 21:44 - 2015-02-12 14:24 - 00000000 ____D () C:\Program Files (x86)\NuernbergerBT
2015-02-19 14:25 - 2015-02-11 20:28 - 00000000 ____D () C:\Users\T410\AppData\Local\Microsoft Help
2015-02-18 17:20 - 2015-02-11 22:48 - 00000000 ____D () C:\Users\T410\Gewerbekunden
2015-02-17 11:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-15 14:57 - 2015-02-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

Some content of TEMP:
====================
C:\Users\T410\AppData\Local\Temp\avgnt.exe
C:\Users\T410\AppData\Local\Temp\jna1340255804405596556.dll
C:\Users\T410\AppData\Local\Temp\jna1615681904888754662.dll
C:\Users\T410\AppData\Local\Temp\jna1761454685846925257.dll
C:\Users\T410\AppData\Local\Temp\jna4916808359591947252.dll
C:\Users\T410\AppData\Local\Temp\jna936127118835964817.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 13:36

==================== End Of Log ============================

--- --- ---

and the Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by T410 at 2015-03-17 10:23:28 Running from C:\Users\T410\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon Music (HKU\S-1-5-21-4019914278-3383403226-850106173-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - ) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVG (HKLM\...\AvgZen) (Version: 1.0.445 - AVG Technologies) AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden AVG Zen (Version: 1.0.445 - AVG Technologies) Hidden Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira) BASIS (HKLM-x32\...\BASIS) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-5895CW (HKLM-x32\...\{184BF682-537C-4CAE-8789-6696508A4032}) (Version: 1.0.2.0 - Brother Industries, Ltd.) Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) BT Installationschecker (HKLM-x32\...\{1515F8EF-DF0B-43BB-B24E-7BAAD8BCB486}) (Version: 1.0.5431.15911 - NÜRNBERGER Beratungstechnologie) BTnet 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden BTnet AVB Steuerung 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden BTnet Datenbanken 01.2015 (x32 Version: 15.01.5535.17082 - NÜRNBERGER Beratungstechnologie) Hidden BTnet Java-Umgebung 01.2015 (x32 Version: 15.01.5431.36650 - NÜRNBERGER Beratungstechnologie) Hidden BTnet PortCommunicator 01.2015 (x32 Version: 15.01.5462.27583 - NÜRNBERGER Beratungstechnologie) Hidden Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.) 
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.63.1 - Lenovo Group Limited) FMW 1 (Version: 1.0.308 - AVG Technologies) Hidden Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2015.02.03 - www.hardcopy.de) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java(TM) 6 Update 10 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216010FF}) (Version: 6.0.100 - Sun Microsystems, Inc.) Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0008 - Lenovo) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.) 
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) NÜRNBERGER Autoupdater 
(HKLM-x32\...\{228175bf-fd4e-4c33-bc36-a3365acd8f17}) (Version: 2.1.5521.22346 - NÜRNBERGER Beratungstechnologie) NÜRNBERGER Autoupdater (x32 Version: 2.1.5521.22346 - NUERNBERGER Versicherungsgruppe) Hidden NÜRNBERGER BTnet 01.2015 SP2.3 (HKLM-x32\...\{29fa30dd-61b6-47f5-9cc6-e4f1aa89074e}) (Version: 15.1.5535.17082 - NÜRNBERGER Beratungstechnologie) NÜRNBERGER BTplus 01.2015 (x32 Version: 15.01.5490.34919 - NÜRNBERGER Beratungstechnologie) Hidden NÜRNBERGER BTplus 01.2015 SP0.1 (HKLM-x32\...\{00dbfaf3-d84b-4edd-8bf0-4e4ef871f26e}) (Version: 15.01.5490.34919 - NÜRNBERGER Beratungstechnologie) Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.000 - Oracle Corporation) Oracle Database 10g Express Edition (HKLM-x32\...\InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}) (Version: 10.2.1015 - Oracle Corporation) Oracle Database 10g Express Edition (x32 Version: 10.2.1015 - Oracle Corporation) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge) RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH) StepOver eSignatureOffice for BTnet (x32 Version: 15.1.5451.28180 - NÜRNBERGER Beratungstechnologie) Hidden ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.10 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage Fingerprint Software 
(HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.09 - Lenovo) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point) ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Security Toolbar (HKU\S-1-5-21-4019914278-3383403226-850106173-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-03-2015 23:41:05 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {20CD05C9-6526-468E-8DF0-2EE061CC7234} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-10-31] () Task: {23CBA44F-9958-47F6-938A-BDA2F7AEAB55} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2D6283C1-EB9C-4153-A41A-35C56CB7903A} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2013-07-17] () Task: {CFC4EE83-5027-473B-8E59-689CE760DB02} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies) Task: {F24C0479-F3BA-41C7-8B2C-A89F3FDA2B36} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {F78AE536-FD6A-4199-B3D9-DAFB5920868F} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] () ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-16 14:27 - 2015-01-25 15:28 - 00155616 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_44_x64.dll 2015-02-16 14:27 - 2013-07-17 16:03 - 00037880 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe 2015-02-16 14:27 - 2012-11-08 07:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe 2013-11-09 18:16 - 
2013-09-03 06:03 - 00117248 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-06-13 19:37 - 2011-06-13 19:37 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2006-02-02 00:49 - 2006-02-02 00:49 - 00204800 _____ () C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe 2015-02-12 12:45 - 2010-03-16 00:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2013-11-09 18:04 - 2012-01-10 13:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-03-09 22:29 - 2015-03-02 23:44 - 05886272 _____ () C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe 2015-02-16 14:27 - 2012-07-05 14:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll 2015-02-16 14:27 - 2015-01-25 15:27 - 00141792 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_44_Win32.dll 2006-02-02 00:43 - 2006-02-02 00:43 - 00006144 _____ () c:\orahomexebasis\app\oracle\product\10.2.0\server\bin\orajox10.dll 2006-02-02 00:47 - 2006-02-02 00:47 - 00057344 _____ () C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\onsclient.dll 2013-08-20 17:02 - 2013-08-20 17:02 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2015-02-16 14:27 - 2015-01-30 15:22 - 03650016 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll 2015-02-12 12:45 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-03-06 19:32 - 2015-03-06 19:32 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll 2010-04-09 22:59 - 2010-04-09 22:59 - 00024288 _____ () C:\Program Files (x86)\Memeo\AutoSync\Memeo.Client.DriveDetection.dll 2010-04-09 22:59 - 2010-04-09 22:59 - 00038112 _____ () C:\Program Files (x86)\Memeo\AutoSync\NamedPipes.dll 
2010-02-10 02:20 - 2010-02-10 02:20 - 00491202 _____ () C:\Program Files (x86)\Memeo\AutoSync\sqlite3.DLL 2010-04-09 22:59 - 2010-04-09 22:59 - 00165088 _____ () C:\Program Files (x86)\Memeo\AutoSync\providers\Memeo.Server.Providers.FileCopySyncProvider.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4019914278-3383403226-850106173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\T410\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-4019914278-3383403226-850106173-500 - Administrator - Disabled) Gast (S-1-5-21-4019914278-3383403226-850106173-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4019914278-3383403226-850106173-1002 - Limited - Enabled) T410 (S-1-5-21-4019914278-3383403226-850106173-1000 - Administrator - Enabled) => C:\Users\T410 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2015 10:20:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/17/2015 01:15:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 11:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(78:a3:e4:87:c3:4f@fe80::7aa3:e4ff:fe87:c34f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. 
Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 21 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 20 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 19 Error: (03/16/2015 11:17:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: handle_resolve_request bad interfaceIndex 18 System errors: ============= Error: (03/13/2015 11:15:45 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (03/10/2015 11:41:20 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/09/2015 08:48:52 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (03/09/2015 00:53:16 PM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. 
Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (03/09/2015 00:20:13 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 77%
Total physical RAM: 3891.67 MB
Available physical RAM: 891.97 MB
Total Pagefile: 7781.53 MB
Available Pagefile: 4112.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:19.46 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F0F91D87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So far, neither Avira, ZoneAlarm nor Malwarebytes has reported any infections. |
17.03.2015, 15:49 | #4 |
/// the machine /// TB-Ausbilder | Windows will be shut down in one minute
Hi,
please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to.
Please download TDSSKiller.exe and save the file to your desktop.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
17.03.2015, 16:14 | #5 |
| Windows will be shut down in one minute
Hello Schrauber, I ran mbar. However, it showed that no malware was present, so no cleanup was necessary. Should I still carry out the second step with TDSSKiller?
Many thanks in advance.
This is the .txt file from mbar: Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.03.17.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
T410 :: T410-PC [administrator]

17.03.2015 16:04:35
mbar-log-2015-03-17 (16-04-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 397033
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)
|
18.03.2015, 08:13 | #6 |
/// the machine /// TB-Ausbilder | Windows will be shut down in one minute
Yes, please. |
18.03.2015, 08:50 | #7 |
| Windows will be shut down in one minute
Again, nothing found: Code:
08:45:23.0213 0x1e64 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:45:42.0238 0x1e64 ============================================================
08:45:42.0238 0x1e64 Current date / time: 2015/03/18 08:45:42.0238
08:45:42.0238 0x1e64 SystemInfo:
08:45:42.0238 0x1e64
08:45:42.0238 0x1e64 OS Version: 6.1.7601 ServicePack: 1.0
08:45:42.0238 0x1e64 Product type: Workstation
08:45:42.0238 0x1e64 ComputerName: T410-PC
08:45:42.0239 0x1e64 UserName: T410
08:45:42.0239 0x1e64 Windows directory: C:\Windows
08:45:42.0239 0x1e64 System windows directory: C:\Windows
08:45:42.0239 0x1e64 Running under WOW64
08:45:42.0239 0x1e64 Processor architecture: Intel x64
08:45:42.0239 0x1e64 Number of processors: 4
08:45:42.0239 0x1e64 Page size: 0x1000
08:45:42.0239 0x1e64 Boot type: Normal boot
08:45:42.0239 0x1e64 ============================================================
08:45:42.0561 0x1e64 KLMD registered as C:\Windows\system32\drivers\93326318.sys
08:45:42.0825 0x1e64 System UUID: {F314C76F-A445-5F91-0795-66459D4DB4D4}
08:45:44.0071 0x1e64 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:45:44.0078 0x1e64 ============================================================
08:45:44.0078 0x1e64 \Device\Harddisk0\DR0:
08:45:44.0078 0x1e64 MBR partitions:
08:45:44.0078 0x1e64 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:45:44.0078 0x1e64 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61000
08:45:44.0078 0x1e64 ============================================================
08:45:44.0080 0x1e64 C: <-> \Device\Harddisk0\DR0\Partition2
08:45:44.0080 0x1e64 ============================================================
08:45:44.0080 0x1e64 Initialize success
08:45:44.0080 0x1e64 ============================================================
08:47:06.0240 0x1370
============================================================
08:47:06.0240 0x1370 Scan started
08:47:06.0240 0x1370 Mode: Manual; SigCheck; TDLFS;
08:47:06.0240 0x1370 ============================================================
08:47:06.0240 0x1370 KSN ping started
08:47:09.0048 0x1370 KSN ping finished: true
08:47:09.0765 0x1370 ================ Scan system memory ========================
08:47:09.0765 0x1370 System memory - ok
08:47:09.0765 0x1370 ================ Scan services =============================
0x1370 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 08:47:14.0946 0x1370 BrUsbMdm - ok 08:47:14.0946 0x1370 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 08:47:14.0992 0x1370 BrUsbSer - ok 08:47:15.0008 0x1370 [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe 08:47:15.0039 0x1370 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 ) 08:47:17.0644 0x1370 Detect skipped due to KSN trusted 08:47:17.0644 0x1370 BrYNSvc - ok 08:47:17.0660 0x1370 [ B4C05BD39F5D0089F30D599D3775CCD2, C6876AA925951106463BA0979C0EBBE66440DC9F09D2E573974223739D7044AC ] BTAVB_KomDienst_Vers_BTnet_0115 C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe 08:47:17.0676 0x1370 BTAVB_KomDienst_Vers_BTnet_0115 - detected UnsignedFile.Multi.Generic ( 1 ) 08:47:20.0390 0x1370 Detect skipped due to KSN trusted 08:47:20.0390 0x1370 BTAVB_KomDienst_Vers_BTnet_0115 - ok 08:47:20.0406 0x1370 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 08:47:20.0452 0x1370 BthEnum - ok 08:47:20.0468 0x1370 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 08:47:20.0530 0x1370 BTHMODEM - ok 08:47:20.0546 0x1370 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 08:47:20.0608 0x1370 BthPan - ok 08:47:20.0640 0x1370 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 08:47:20.0733 
0x1370 BTHPORT - ok 08:47:20.0749 0x1370 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 08:47:20.0858 0x1370 bthserv - ok 08:47:20.0874 0x1370 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 08:47:20.0920 0x1370 BTHUSB - ok 08:47:20.0936 0x1370 [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 08:47:20.0983 0x1370 btusbflt - ok 08:47:20.0998 0x1370 [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 08:47:21.0030 0x1370 btwaudio - ok 08:47:21.0045 0x1370 [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 08:47:21.0092 0x1370 btwavdt - ok 08:47:21.0154 0x1370 [ E45B07AA29D8B9B1E98E9F74FC4C8DB0, F82ECAAECB42857FEBFE57753F456B07D515F1381390651A317A5751CAD77178 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 08:47:21.0264 0x1370 btwdins - ok 08:47:21.0279 0x1370 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 08:47:21.0310 0x1370 btwl2cap - ok 08:47:21.0326 0x1370 [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 08:47:21.0373 0x1370 btwrchid - ok 08:47:21.0373 0x1370 [ CB403D089BF1D881D4FAA29CE73373DA, 8175DA205C14189CBFB8FFD58C6EE2FC3A542815E46625AB6E50BDA214A026D2 ] BT_InstallationsDienst C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe 08:47:21.0420 0x1370 BT_InstallationsDienst - ok 08:47:21.0452 0x1370 [ 
48360B88C4BF45850653BB7C86888ED4, 454C2DD81BFCC7FF4819CDFE3C5506E31A3FE86B06FB18009783CD2FEA74B0BF ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys 08:47:21.0514 0x1370 CAXHWAZL - ok 08:47:21.0530 0x1370 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 08:47:21.0655 0x1370 cdfs - ok 08:47:21.0670 0x1370 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 08:47:21.0717 0x1370 cdrom - ok 08:47:21.0733 0x1370 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 08:47:21.0857 0x1370 CertPropSvc - ok 08:47:21.0873 0x1370 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 08:47:21.0920 0x1370 circlass - ok 08:47:21.0967 0x1370 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 08:47:22.0013 0x1370 CLFS - ok 08:47:22.0029 0x1370 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:47:22.0076 0x1370 clr_optimization_v2.0.50727_32 - ok 08:47:22.0091 0x1370 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:47:22.0138 0x1370 clr_optimization_v2.0.50727_64 - ok 08:47:22.0169 0x1370 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:47:22.0216 0x1370 clr_optimization_v4.0.30319_32 - 
ok 08:47:22.0232 0x1370 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:47:22.0279 0x1370 clr_optimization_v4.0.30319_64 - ok 08:47:22.0294 0x1370 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 08:47:22.0341 0x1370 CmBatt - ok 08:47:22.0357 0x1370 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 08:47:22.0403 0x1370 cmdide - ok 08:47:22.0435 0x1370 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 08:47:22.0544 0x1370 CNG - ok 08:47:22.0591 0x1370 [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2, D7D9D739748A7D1159623738464A92BBEC3AF5734B2A7B44291E2B9F21C91D7F ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 08:47:22.0700 0x1370 CnxtHdAudService - ok 08:47:22.0700 0x1370 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 08:47:22.0747 0x1370 Compbatt - ok 08:47:22.0762 0x1370 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 08:47:22.0903 0x1370 CompositeBus - ok 08:47:22.0918 0x1370 COMSysApp - ok 08:47:22.0934 0x1370 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 08:47:22.0965 0x1370 crcdisk - ok 08:47:22.0996 0x1370 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 08:47:23.0059 0x1370 CryptSvc - ok 08:47:23.0090 0x1370 [ 
54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 08:47:23.0199 0x1370 CSC - ok 08:47:23.0246 0x1370 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 08:47:23.0324 0x1370 CscService - ok 08:47:23.0339 0x1370 [ EB7439918F3E04B51CD8822FD8C8E018, 3B79A87B867F769D9E67B34143E90E6A55F493C2BA7ADD4C3FD08AAC85C07C74 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 08:47:23.0386 0x1370 ctxusbm - ok 08:47:23.0433 0x1370 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 08:47:23.0558 0x1370 DcomLaunch - ok 08:47:23.0589 0x1370 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 08:47:23.0698 0x1370 defragsvc - ok 08:47:23.0714 0x1370 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 08:47:23.0823 0x1370 DfsC - ok 08:47:23.0854 0x1370 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 08:47:23.0932 0x1370 Dhcp - ok 08:47:23.0948 0x1370 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 08:47:24.0041 0x1370 discache - ok 08:47:24.0057 0x1370 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 08:47:24.0119 0x1370 Disk - ok 08:47:24.0119 0x1370 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 08:47:24.0182 0x1370 dmvsc - ok 08:47:24.0197 
0x1370 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 08:47:24.0260 0x1370 Dnscache - ok 08:47:24.0291 0x1370 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 08:47:24.0431 0x1370 dot3svc - ok 08:47:24.0447 0x1370 [ 604D8E757DAF0E2BE6FD8F0047711069, B113F107FFCC8362FAAC64CCA01A3C17259196237E2AD63338A19D1151293A82 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 08:47:24.0525 0x1370 DozeSvc - ok 08:47:24.0541 0x1370 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 08:47:24.0681 0x1370 DPS - ok 08:47:24.0697 0x1370 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 08:47:24.0743 0x1370 drmkaud - ok 08:47:24.0853 0x1370 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 08:47:24.0962 0x1370 DXGKrnl - ok 08:47:24.0977 0x1370 [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 08:47:25.0024 0x1370 DzHDD64 - ok 08:47:25.0071 0x1370 [ 477E33019A855D9B8E7B3263CB9A1AE5, F28840936D992C99238AFECBBF03B75047DEDF0EC682C1444036931E4036AFBB ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys 08:47:25.0695 0x1370 e1kexpress - ok 08:47:25.0711 0x1370 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 08:47:25.0882 0x1370 EapHost - ok 08:47:26.0085 0x1370 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 
08:47:26.0865 0x1370 ebdrv - ok 08:47:26.0912 0x1370 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe 08:47:27.0005 0x1370 EFS - ok 08:47:27.0037 0x1370 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 08:47:27.0130 0x1370 ehRecvr - ok 08:47:27.0161 0x1370 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 08:47:27.0208 0x1370 ehSched - ok 08:47:27.0255 0x1370 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 08:47:27.0333 0x1370 elxstor - ok 08:47:27.0333 0x1370 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 08:47:27.0380 0x1370 ErrDev - ok 08:47:27.0427 0x1370 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 08:47:27.0567 0x1370 EventSystem - ok 08:47:27.0583 0x1370 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 08:47:27.0723 0x1370 exfat - ok 08:47:27.0739 0x1370 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 08:47:28.0394 0x1370 fastfat - ok 08:47:28.0441 0x1370 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 08:47:29.0018 0x1370 Fax - ok 08:47:29.0080 0x1370 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 08:47:29.0189 0x1370 
fdc - ok 08:47:29.0252 0x1370 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 08:47:29.0938 0x1370 fdPHost - ok 08:47:29.0938 0x1370 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 08:47:30.0047 0x1370 FDResPub - ok 08:47:30.0063 0x1370 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 08:47:30.0110 0x1370 FileInfo - ok 08:47:30.0125 0x1370 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 08:47:30.0235 0x1370 Filetrace - ok 08:47:30.0250 0x1370 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 08:47:30.0281 0x1370 flpydisk - ok 08:47:30.0313 0x1370 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:47:30.0375 0x1370 FltMgr - ok 08:47:30.0453 0x1370 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 08:47:30.0593 0x1370 FontCache - ok 08:47:30.0609 0x1370 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:47:30.0656 0x1370 FontCache3.0.0.0 - ok 08:47:30.0656 0x1370 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:47:30.0703 0x1370 FsDepends - ok 08:47:30.0718 0x1370 [ 6BD9295CC032DD3077C671FCCF579A7B, 
83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:47:30.0749 0x1370 Fs_Rec - ok 08:47:30.0781 0x1370 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:47:30.0843 0x1370 fvevol - ok 08:47:30.0859 0x1370 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 08:47:30.0905 0x1370 gagp30kx - ok 08:47:30.0921 0x1370 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:47:30.0952 0x1370 GEARAspiWDM - ok 08:47:31.0015 0x1370 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 08:47:31.0202 0x1370 gpsvc - ok 08:47:31.0217 0x1370 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 08:47:31.0249 0x1370 hcw85cir - ok 08:47:31.0280 0x1370 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:47:31.0373 0x1370 HdAudAddService - ok 08:47:31.0389 0x1370 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 08:47:31.0436 0x1370 HDAudBus - ok 08:47:31.0436 0x1370 [ 7F40163C7A7369A147761C9B57A1223E, 1BF89A4E405F24FB339151CCC2957D22683548B8064F08DC9CECB7580D0A173B ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 08:47:31.0467 0x1370 HECIx64 - ok 08:47:31.0483 0x1370 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 08:47:31.0514 
0x1370 HidBatt - ok 08:47:31.0529 0x1370 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 08:47:31.0576 0x1370 HidBth - ok 08:47:31.0576 0x1370 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 08:47:31.0623 0x1370 HidIr - ok 08:47:31.0639 0x1370 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 08:47:31.0748 0x1370 hidserv - ok 08:47:31.0763 0x1370 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 08:47:31.0795 0x1370 HidUsb - ok 08:47:31.0810 0x1370 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 08:47:31.0919 0x1370 hkmsvc - ok 08:47:31.0935 0x1370 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:47:31.0982 0x1370 HomeGroupListener - ok 08:47:31.0997 0x1370 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:47:32.0044 0x1370 HomeGroupProvider - ok 08:47:32.0060 0x1370 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 08:47:32.0107 0x1370 HpSAMD - ok 08:47:32.0153 0x1370 [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll 08:47:32.0231 0x1370 HsfXAudioService - ok 08:47:32.0294 0x1370 [ F6AC1087A131FBB385400667BEA64FBE, 131661287953708893FE564602E8ED6832B96CCA523C205EDE0C9E82DD930178 ] 
HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 08:47:32.0419 0x1370 HSF_DPV - ok 08:47:32.0465 0x1370 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:47:32.0590 0x1370 HTTP - ok 08:47:32.0590 0x1370 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:47:32.0621 0x1370 hwpolicy - ok 08:47:32.0637 0x1370 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 08:47:32.0668 0x1370 i8042prt - ok 08:47:32.0715 0x1370 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:47:32.0793 0x1370 iaStorV - ok 08:47:32.0793 0x1370 [ C5637F74E032C700B6F5D3EA03E8F636, 8C697999DEA95DA4686C08CC4F67A09E706FE503869FC1A5B42761F1A2EE951C ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 08:47:32.0840 0x1370 IBMPMDRV - ok 08:47:32.0840 0x1370 [ 1F50C792A4BC183CF1FDBE1494A15680, CC2F9E51A6363733D613A885221AAEE35E44DDF77106068AD9F5028BE6AEF068 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 08:47:32.0887 0x1370 IBMPMSVC - ok 08:47:32.0887 0x1370 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 08:47:32.0918 0x1370 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 08:47:35.0476 0x1370 Detect skipped due to KSN trusted 08:47:35.0476 0x1370 IDriverT - ok 08:47:35.0523 0x1370 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:47:35.0617 0x1370 idsvc - ok 08:47:35.0617 0x1370 IEEtwCollectorService - ok 
08:47:36.0194 0x1370 [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 08:47:37.0005 0x1370 igfx - ok 08:47:37.0052 0x1370 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 08:47:37.0083 0x1370 iirsp - ok 08:47:37.0130 0x1370 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 08:47:37.0239 0x1370 IKEEXT - ok 08:47:37.0255 0x1370 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 08:47:37.0301 0x1370 Impcd - ok 08:47:37.0333 0x1370 [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 08:47:37.0379 0x1370 IntcDAud - ok 08:47:37.0395 0x1370 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 08:47:37.0426 0x1370 intelide - ok 08:47:37.0426 0x1370 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:47:37.0457 0x1370 intelppm - ok 08:47:37.0473 0x1370 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:47:37.0582 0x1370 IPBusEnum - ok 08:47:37.0598 0x1370 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:47:37.0691 0x1370 IpFilterDriver - ok 08:47:37.0738 0x1370 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc 
C:\Windows\System32\iphlpsvc.dll 08:47:37.0801 0x1370 iphlpsvc - ok 08:47:37.0816 0x1370 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 08:47:37.0863 0x1370 IPMIDRV - ok 08:47:37.0879 0x1370 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 08:47:38.0003 0x1370 IPNAT - ok 08:47:38.0050 0x1370 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 08:47:38.0113 0x1370 iPod Service - ok 08:47:38.0128 0x1370 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:47:38.0191 0x1370 IRENUM - ok 08:47:38.0191 0x1370 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:47:38.0222 0x1370 isapnp - ok 08:47:38.0253 0x1370 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 08:47:38.0300 0x1370 iScsiPrt - ok 08:47:38.0315 0x1370 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 08:47:38.0347 0x1370 kbdclass - ok 08:47:38.0362 0x1370 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 08:47:38.0393 0x1370 kbdhid - ok 08:47:38.0409 0x1370 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe 08:47:38.0440 0x1370 KeyIso - ok 08:47:38.0456 0x1370 [ 56ED3EE5FED6BF2FC1305CF872042868, 
] stisvc C:\Windows\System32\wiaservc.dll 08:48:34.0336 0x1370 stisvc - ok 08:48:34.0352 0x1370 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 08:48:34.0383 0x1370 storflt - ok 08:48:34.0383 0x1370 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 08:48:34.0430 0x1370 StorSvc - ok 08:48:34.0430 0x1370 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 08:48:34.0461 0x1370 storvsc - ok 08:48:34.0476 0x1370 [ 1B1CF897355E4AB91C6544A382ABFD72, 44C9462F9D022163C3513A885813A4BF34036EE8431F518CF302A14FDFBCEAA6 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 08:48:34.0508 0x1370 SUService - ok 08:48:34.0508 0x1370 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 08:48:34.0539 0x1370 swenum - ok 08:48:34.0570 0x1370 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 08:48:34.0695 0x1370 swprv - ok 08:48:34.0726 0x1370 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 08:48:34.0773 0x1370 SynTP - ok 08:48:34.0866 0x1370 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 08:48:35.0022 0x1370 SysMain - ok 08:48:35.0038 0x1370 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:48:35.0085 0x1370 TabletInputService - ok 08:48:35.0116 0x1370 [ 40F0849F65D13EE87B9A9AE3C1DD6823, 
E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 08:48:35.0210 0x1370 TapiSrv - ok 08:48:35.0210 0x1370 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 08:48:35.0288 0x1370 TBS - ok 08:48:35.0381 0x1370 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:48:35.0506 0x1370 Tcpip - ok 08:48:35.0600 0x1370 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:48:35.0709 0x1370 TCPIP6 - ok 08:48:35.0724 0x1370 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:48:35.0771 0x1370 tcpipreg - ok 08:48:35.0771 0x1370 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:48:35.0802 0x1370 TDPIPE - ok 08:48:35.0818 0x1370 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:48:35.0849 0x1370 TDTCP - ok 08:48:35.0865 0x1370 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:48:35.0896 0x1370 tdx - ok 08:48:35.0912 0x1370 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 08:48:35.0943 0x1370 TermDD - ok 08:48:35.0974 0x1370 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 08:48:36.0052 0x1370 TermService - ok 08:48:36.0068 0x1370 [ 
F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 08:48:36.0114 0x1370 Themes - ok 08:48:36.0130 0x1370 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 08:48:36.0208 0x1370 THREADORDER - ok 08:48:36.0224 0x1370 [ E9180AB69CCDE82E117A22EE1E1631B4, C97E2451826C6D63DBD16C6A4D8FC864590C57D8C7B6F6B555454C170C3071F7 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 08:48:36.0255 0x1370 TPDIGIMN - ok 08:48:36.0270 0x1370 [ D238C272AEA2DF71B9D72E5E2F4F0F3A, 7ED976B3240ABEE9334045A51C6C28BB15A80147319D8259FE9C7722E84613D9 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 08:48:36.0302 0x1370 TPHDEXLGSVC - ok 08:48:36.0317 0x1370 [ 8A1CAB578B61DD178A505B951229E6D7, ECA0E264F47638044DDE226A4C899299B651523AE91F44ECE496C0E3DC2F78A5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 08:48:36.0364 0x1370 TPHKLOAD - ok 08:48:36.0380 0x1370 [ 5B62F45C87CC0FB176C5358EEA6CFB4C, D3ED391278AE0F26BCF947057E63DD0CCA4FAD9D15C23D34E14A1F34571DAC77 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 08:48:36.0426 0x1370 TPHKSVC - ok 08:48:36.0426 0x1370 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys 08:48:36.0458 0x1370 TPM - ok 08:48:36.0473 0x1370 [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 08:48:36.0504 0x1370 TPPWRIF - ok 08:48:36.0504 0x1370 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 08:48:36.0614 0x1370 TrkWks - ok 08:48:36.0629 0x1370 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 
08:48:36.0738 0x1370 TrustedInstaller - ok 08:48:36.0738 0x1370 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:48:36.0785 0x1370 tssecsrv - ok 08:48:36.0801 0x1370 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:48:36.0848 0x1370 TsUsbFlt - ok 08:48:36.0848 0x1370 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 08:48:36.0894 0x1370 TsUsbGD - ok 08:48:37.0004 0x1370 [ DF07EC9240A4B7008D6C5E65C8ABB584, 80F430996F0A513773600E20F4EF915B5D98A7C58D52CDF672B6AEF5A001E1CD ] TuneUp.UtilitiesSvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe 08:48:37.0160 0x1370 TuneUp.UtilitiesSvc - ok 08:48:37.0175 0x1370 [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 08:48:37.0206 0x1370 TuneUpUtilitiesDrv - ok 08:48:37.0206 0x1370 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:48:37.0300 0x1370 tunnel - ok 08:48:37.0316 0x1370 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:48:37.0347 0x1370 uagp35 - ok 08:48:37.0362 0x1370 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:48:37.0472 0x1370 udfs - ok 08:48:37.0487 0x1370 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:48:37.0534 0x1370 UI0Detect - ok 
08:48:37.0534 0x1370 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:48:37.0581 0x1370 uliagpkx - ok 08:48:37.0581 0x1370 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:48:37.0612 0x1370 umbus - ok 08:48:37.0628 0x1370 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 08:48:37.0659 0x1370 UmPass - ok 08:48:37.0674 0x1370 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 08:48:37.0737 0x1370 UmRdpService - ok 08:48:37.0846 0x1370 [ 792F2F9563996C374C4BE221518BC291, 8D3C7DCA63C91ACB54E53E68D80D51EEDF666A9E7E0E3770F49877C860B5EA90 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 08:48:38.0002 0x1370 UNS - ok 08:48:38.0018 0x1370 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 08:48:38.0127 0x1370 upnphost - ok 08:48:38.0127 0x1370 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 08:48:38.0174 0x1370 USBAAPL64 - ok 08:48:38.0189 0x1370 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:48:38.0220 0x1370 usbccgp - ok 08:48:38.0236 0x1370 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:48:38.0283 0x1370 usbcir - ok 08:48:38.0298 0x1370 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 
] usbehci C:\Windows\system32\drivers\usbehci.sys 08:48:38.0330 0x1370 usbehci - ok 08:48:38.0345 0x1370 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:48:38.0408 0x1370 usbhub - ok 08:48:38.0408 0x1370 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:48:38.0439 0x1370 usbohci - ok 08:48:38.0454 0x1370 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 08:48:38.0486 0x1370 usbprint - ok 08:48:38.0501 0x1370 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:48:38.0548 0x1370 USBSTOR - ok 08:48:38.0548 0x1370 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 08:48:38.0579 0x1370 usbuhci - ok 08:48:38.0595 0x1370 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 08:48:38.0642 0x1370 usbvideo - ok 08:48:38.0642 0x1370 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 08:48:38.0735 0x1370 UxSms - ok 08:48:38.0751 0x1370 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe 08:48:38.0782 0x1370 VaultSvc - ok 08:48:38.0798 0x1370 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:48:38.0829 0x1370 vdrvroot - ok 08:48:38.0860 0x1370 [ 8D6B481601D01A456E75C3210F1830BE, 
A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 08:48:38.0969 0x1370 vds - ok 08:48:38.0969 0x1370 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:48:39.0016 0x1370 vga - ok 08:48:39.0016 0x1370 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 08:48:39.0110 0x1370 VgaSave - ok 08:48:39.0125 0x1370 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:48:39.0172 0x1370 vhdmp - ok 08:48:39.0172 0x1370 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 08:48:39.0203 0x1370 viaide - ok 08:48:39.0219 0x1370 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 08:48:39.0266 0x1370 vmbus - ok 08:48:39.0281 0x1370 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 08:48:39.0312 0x1370 VMBusHID - ok 08:48:39.0312 0x1370 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:48:39.0359 0x1370 volmgr - ok 08:48:39.0375 0x1370 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:48:39.0422 0x1370 volmgrx - ok 08:48:39.0437 0x1370 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:48:39.0500 0x1370 volsnap - ok 08:48:39.0515 0x1370 [ 
8F1E531D36D95B0586DA00D546AB8B9A, 206C568E3698096D2C2C2E5BAB53382B74DEF2B354E6029E7C34912A55A0897C ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys 08:48:39.0578 0x1370 Vsdatant - ok 08:48:39.0749 0x1370 [ 21D22AC9B8B33AF6EEEBDB10D1661C37, 56C7A8E5C3084163342A433FD20DE8E9931C1C293B49C0F9CD9C8F45A56D135B ] vsmon C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe 08:48:39.0968 0x1370 vsmon - ok 08:48:39.0999 0x1370 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:48:40.0030 0x1370 vsmraid - ok 08:48:40.0124 0x1370 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 08:48:40.0295 0x1370 VSS - ok 08:48:40.0311 0x1370 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 08:48:40.0358 0x1370 vwifibus - ok 08:48:40.0373 0x1370 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:48:40.0420 0x1370 vwififlt - ok 08:48:40.0436 0x1370 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 08:48:40.0545 0x1370 W32Time - ok 08:48:40.0545 0x1370 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 08:48:40.0592 0x1370 WacomPen - ok 08:48:40.0607 0x1370 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:48:40.0701 0x1370 WANARP - ok 08:48:40.0716 0x1370 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 
08:48:40.0810 0x1370 Wanarpv6 - ok 08:48:40.0888 0x1370 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 08:48:41.0013 0x1370 wbengine - ok 08:48:41.0028 0x1370 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:48:41.0091 0x1370 WbioSrvc - ok 08:48:41.0122 0x1370 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:48:41.0200 0x1370 wcncsvc - ok 08:48:41.0200 0x1370 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:48:41.0278 0x1370 WcsPlugInService - ok 08:48:41.0278 0x1370 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 08:48:41.0325 0x1370 Wd - ok 08:48:41.0372 0x1370 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:48:41.0496 0x1370 Wdf01000 - ok 08:48:41.0512 0x1370 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:48:41.0543 0x1370 WdiServiceHost - ok 08:48:41.0559 0x1370 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:48:41.0590 0x1370 WdiSystemHost - ok 08:48:41.0606 0x1370 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 08:48:41.0668 0x1370 WebClient - ok 08:48:41.0684 0x1370 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] 
Wecsvc C:\Windows\system32\wecsvc.dll 08:48:41.0808 0x1370 Wecsvc - ok 08:48:41.0824 0x1370 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:48:41.0918 0x1370 wercplsupport - ok 08:48:41.0918 0x1370 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 08:48:42.0042 0x1370 WerSvc - ok 08:48:42.0058 0x1370 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:48:42.0136 0x1370 WfpLwf - ok 08:48:42.0152 0x1370 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:48:42.0198 0x1370 WIMMount - ok 08:48:42.0245 0x1370 [ 1EDBBF412A382550AF6EB35F5E46928E, 23FC32929913CF784A78C334D0B0E9D812EA6BDF70BB5C993DDE492CBEE8265E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys 08:48:42.0339 0x1370 winachsf - ok 08:48:42.0339 0x1370 WinDefend - ok 08:48:42.0370 0x1370 WinHttpAutoProxySvc - ok 08:48:42.0401 0x1370 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:48:42.0510 0x1370 Winmgmt - ok 08:48:42.0620 0x1370 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 08:48:42.0791 0x1370 WinRM - ok 08:48:42.0807 0x1370 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 08:48:42.0869 0x1370 WinUsb - ok 08:48:42.0916 0x1370 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 08:48:43.0025 0x1370 Wlansvc - ok 08:48:43.0025 
0x1370 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 08:48:43.0056 0x1370 WmiAcpi - ok 08:48:43.0088 0x1370 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:48:43.0150 0x1370 wmiApSrv - ok 08:48:43.0166 0x1370 WMPNetworkSvc - ok 08:48:43.0181 0x1370 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:48:43.0212 0x1370 WPCSvc - ok 08:48:43.0228 0x1370 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:48:43.0275 0x1370 WPDBusEnum - ok 08:48:43.0275 0x1370 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:48:43.0384 0x1370 ws2ifsl - ok 08:48:43.0400 0x1370 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 08:48:43.0431 0x1370 wscsvc - ok 08:48:43.0446 0x1370 WSearch - ok 08:48:43.0571 0x1370 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 08:48:43.0727 0x1370 wuauserv - ok 08:48:43.0743 0x1370 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:48:43.0790 0x1370 WudfPf - ok 08:48:43.0805 0x1370 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:48:43.0852 0x1370 WUDFRd - ok 08:48:43.0868 0x1370 [ B20F051B03A966392364C83F009F7D17, 
88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:48:43.0914 0x1370 wudfsvc - ok 08:48:43.0946 0x1370 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 08:48:43.0992 0x1370 WwanSvc - ok 08:48:44.0008 0x1370 [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys 08:48:44.0039 0x1370 XAudio - ok 08:48:44.0055 0x1370 [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe 08:48:44.0102 0x1370 ZAPrivacyService - ok 08:48:44.0117 0x1370 ================ Scan global =============================== 08:48:44.0133 0x1370 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 08:48:44.0164 0x1370 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 08:48:44.0195 0x1370 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 08:48:44.0226 0x1370 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 08:48:44.0242 0x1370 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 08:48:44.0289 0x1370 [ Global ] - ok 08:48:44.0289 0x1370 ================ Scan MBR ================================== 08:48:44.0289 0x1370 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:48:44.0445 0x1370 \Device\Harddisk0\DR0 - ok 08:48:44.0460 0x1370 ================ Scan VBR ================================== 08:48:44.0460 
0x1370 [ D06B6EA0A0D6B01BBCC6148196F1FC20 ] \Device\Harddisk0\DR0\Partition1 08:48:44.0460 0x1370 \Device\Harddisk0\DR0\Partition1 - ok 08:48:44.0476 0x1370 [ C658EF165D612A127D7E08BD092DDCA4 ] \Device\Harddisk0\DR0\Partition2 08:48:44.0476 0x1370 \Device\Harddisk0\DR0\Partition2 - ok 08:48:44.0476 0x1370 ================ Scan generic autorun ====================== 08:48:44.0476 0x1370 [ E951218EB9A965F39B38EDC747922FDD, D1901383BD0622956A60AB3FD48773F36DE3897F2DE32A51460A5F0931D1BBA1 ] C:\Windows\system32\igfxtray.exe 08:48:44.0507 0x1370 IgfxTray - ok 08:48:44.0538 0x1370 [ 2ACE3C21083F5BB95CD56385A0E1581E, 6D668145D6CE8F70586FF504A272BD63EB2BF0EEC597D64A9D9F9B88EDA8C392 ] C:\Windows\system32\hkcmd.exe 08:48:44.0585 0x1370 HotKeysCmds - ok 08:48:44.0601 0x1370 [ 8C1183225C6774C103046DBC6BDDD446, 6B77DDF23C6E5EC35F050B54C7D85A607C43E510E2DCDD8A7B215940EFEC5768 ] C:\Windows\system32\igfxpers.exe 08:48:44.0648 0x1370 Persistence - ok 08:48:44.0679 0x1370 [ 0786EAB20BCB0794DE9EF809819B4EFF, A50BD65560A36FE0B8E48B142F56FE51FE394A59D23771F529CF663E3B646A46 ] C:\Windows\system32\TpShocks.exe 08:48:44.0726 0x1370 TpShocks - ok 08:48:44.0741 0x1370 [ 5B3719BDBF1F035558F2D73BA166A99C, AA0A6B2C7B504637A77C31A1680245CEAE993417050B9A0D8595E3424BC2D57A ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe 08:48:44.0788 0x1370 SmartAudio - ok 08:48:44.0788 0x1370 [ FD2FF9D00033BFF0E026960E80D41CE2, 66018DE278D85C9BCFFF62FDA087F4AFD01DC7A7F0D18EE8454996075DEAFD47 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe 08:48:44.0819 0x1370 AcWin7Hlpr - ok 08:48:44.0819 0x1370 [ 084F1404AE15651DF5F5246C2E3D5569, 52212D1CBDDE9B5C5210216094EEB0D7AF8B85CE7A61690023F24A43338AC0C0 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe 08:48:44.0850 0x1370 LENOVO.TPKNRRES - ok 08:48:44.0850 0x1370 SynTPEnh - ok 08:48:44.0866 0x1370 [ 5245671B65D182489C11C5D216601628, FADF0A825052AF72AB881565FC32421AB7809CF73DD0FEDDD4716CDA1183BC66 ] C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IMSS\PIconStartup.exe 08:48:44.0897 0x1370 IMSS - ok 08:48:44.0897 0x1370 PWMTRV - ok 08:48:44.0913 0x1370 [ BA59761B013B65B6DB008EA19A557B42, 641E5A4B836CC0FE35B836CBA6ADA79729558137C9D404BEDD221D13833E40A9 ] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe 08:48:44.0944 0x1370 ZoneAlarm - ok 08:48:44.0944 0x1370 [ 35DCD380D4D579D8B8EA91D5D8AE444C, AC5B338FCD9358C2D519A7199B13794F33BFBE5BCE3AB5A6993A0D5A65A7EB1C ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 08:48:44.0975 0x1370 GrooveMonitor - ok 08:48:45.0006 0x1370 [ 7605271997CAB7E91549F343A83E622D, 9CA1933FBBC9CC9D2656AA69C933413DDBAAF43220B5C1E69F4C9F65296C5B42 ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe 08:48:45.0038 0x1370 ConnectionCenter - ok 08:48:45.0053 0x1370 [ 5D666FC778E7754CC7103402D814809B, 7E9B205B74440D455155014EE8D6FD0D1C647B016D72A28F16709F50BC005D3F ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe 08:48:45.0069 0x1370 ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 ) 08:48:47.0658 0x1370 Detect skipped due to KSN trusted 08:48:47.0658 0x1370 ControlCenter4 - ok 08:48:47.0939 0x1370 [ 63E9C23A386FFFA84B5E03BFF9B628F0, A370962791EFC4B10548AAD31F89A2B288FBD5BDBF5749323C2D98C14DFB8B49 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 08:48:48.0126 0x1370 BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 ) 08:48:50.0732 0x1370 Detect skipped due to KSN trusted 08:48:50.0732 0x1370 BrStsMon00 - ok 08:48:50.0794 0x1370 [ AB9F9A8BBAEA4EA9732F1DC82B9D6A09, B56ED42AF1CA9E4472F497F5D2ED81A29F12E27F34DBE2C78C1FEB80217DBBAC ] C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe 08:48:50.0856 0x1370 BTnet Port Communicator - detected UnsignedFile.Multi.Generic ( 1 ) 08:48:53.0493 0x1370 Detect skipped due to KSN trusted 08:48:53.0493 0x1370 BTnet Port Communicator - ok 08:48:53.0680 0x1370 [ EC7523C687CF755D17BF1BCC63BBA300, 83D90574A78A0773A2683587F09D5F85F8A7B49106501E058EAE752E2E6F360B ] C:\Program Files 
(x86)\Brother\Brmfcmon\BrMfcWnd.exe 08:48:53.0758 0x1370 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 ) 08:48:56.0769 0x1370 Detect skipped due to KSN trusted 08:48:56.0769 0x1370 BrMfcWnd - ok 08:48:56.0784 0x1370 [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe 08:48:56.0800 0x1370 ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 ) 08:48:59.0312 0x1370 Detect skipped due to KSN trusted 08:48:59.0312 0x1370 ControlCenter3 - ok 08:48:59.0374 0x1370 [ 0DAE289D57315E03F0018A9811372DAD, 3E6218B73293BBF5A5C99DA38CFD934096383A6EA9CD3B3CF7D3CCE12ECF348D ] C:\Program Files (x86)\AVG\Framework\Common\avguix.exe 08:48:59.0468 0x1370 AvgUi - ok 08:48:59.0483 0x1370 [ 8CB85437667AEDBD8497D2CA85F4A17A, 196F1F3208674944C554624E5DA6A614F8070467E32F0C1BAB9AC409783E5804 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 08:48:59.0499 0x1370 Avira Systray - ok 08:48:59.0546 0x1370 [ 085F30DB0B38903940A4141E675BDC08, 3ABFB79C850D2B1976DB4DEF69AA031C4E18B5E240316908DDD16DEA4050365A ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 08:48:59.0592 0x1370 avgnt - ok 08:48:59.0624 0x1370 [ 8402328BAF6BADCBD00249959E4F03D9, B32F75A7851413EAC339DE958D21DE4F6E998A771BE544F8FB37AE2465635D21 ] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe 08:48:59.0639 0x1370 Memeo AutoSync - ok 08:48:59.0702 0x1370 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 08:48:59.0842 0x1370 Sidebar - ok 08:48:59.0842 0x1370 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:48:59.0920 0x1370 mctadmin - ok 08:48:59.0998 0x1370 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows 
Sidebar\Sidebar.exe 08:49:00.0092 0x1370 Sidebar - ok 08:49:00.0107 0x1370 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 08:49:00.0154 0x1370 mctadmin - ok 08:49:00.0435 0x1370 [ B7275CEE6103BAD919BE61DFEE7D2895, D97619370A4EF70FEF462417479E0F492C765B3F7CC0E5B67DB0C8DFB52E5967 ] C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe 08:49:00.0809 0x1370 Amazon Music - ok 08:49:00.0809 0x1370 Waiting for KSN requests completion. In queue: 9 08:49:01.0823 0x1370 Waiting for KSN requests completion. In queue: 9 08:49:02.0837 0x1370 Waiting for KSN requests completion. In queue: 9 08:49:03.0898 0x1370 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.650 ), 0x41000 ( enabled : updated ) 08:49:03.0914 0x1370 FW detected via SS2: ZoneAlarm Free Firewall Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.209.0 ), 0x41010 ( enabled ) 08:49:06.0410 0x1370 ============================================================ 08:49:06.0410 0x1370 Scan finished 08:49:06.0410 0x1370 ============================================================ 08:49:06.0425 0x1994 Detected object count: 0 08:49:06.0425 0x1994 Actual detected object count: 0 |
18.03.2015, 17:15 | #8 |
/// the machine /// TB Trainer | Windows will shut down in one minute Did the message appear again?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.03.2015, 17:26 | #9 |
| Windows will shut down in one minute No, not so far, but I also only had the computer on for the bare minimum time needed to carry out the steps. |
19.03.2015, 09:30 | #10 |
/// the machine /// TB Trainer | Windows will shut down in one minute Just work with the machine normally and keep an eye on things for a while. |
20.03.2015, 21:17 | #11 |
| Windows will shut down in one minute Hello Schrauber, the message has not come back, but I have the feeling that the computer is getting slower and slower. Do you have any other idea what I can do? |
21.03.2015, 11:23 | #12 |
/// the machine /// TB Trainer | Windows will shut down in one minute When exactly is it slow? Please post a fresh FRST log. |
22.03.2015, 16:50 | #13 |
| Windows will shut down in one minute Well, it is slow mainly at startup while the autostart programs are being loaded; it probably takes 4 times as long as it used to. Now and then it also hangs when starting Firefox or opening Office files. Switching between folders or programs with Alt + Tab also causes brief hangs every now and then. Attached is the current FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by T410 (administrator) on T410-PC on 22-03-2015 15:00:15 Running from C:\Users\T410\Desktop Loaded Profiles: T410 (Available profiles: T410) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Beratungstechnologie) C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Oracle Corporation) C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\oracle.exe () C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Oracle Corporation) C:\Program Files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384296 2013-08-21] (Lenovo.) 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1167360 2009-08-03] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-09] (Memeo Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-17] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-4019914278-3383403226-850106173-1000\...\Run: [Amazon Music] => C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] () Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BasisAutostart.lnk ShortcutTarget: BasisAutostart.lnk -> C:\Programme\Nuernberger\Basis\bin\BasisAutostart.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
SearchScopes: HKU\S-1-5-21-4019914278-3383403226-850106173-1000 -> {76DB03E3-82E0-453E-8523-ADF5ED0A5824} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default FF SelectedSearchEngine: Search By ZoneAlarm FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-06] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-06] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\user.js [2015-02-11] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\searchplugins\avira-safesearch.xml [2015-02-27] FF SearchPlugin: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\searchplugins\zonealarm.xml [2015-02-11] FF Extension: Avira Browser Safety - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\abs@avira.com [2015-03-09] FF Extension: Avira SafeSearch - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\safesearch@avira.com [2015-02-27] FF Extension: Adblock Plus - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-17] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-17] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed] R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.) 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 OracleJobSchedulerBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed] S3 OracleMTSRecoveryService; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed] R2 OracleServiceBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed] S3 OracleXEClrAgent; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed] R2 OracleXETNSListener; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] () [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-10-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.) U2 OracleOraHomeXEBASISSTNSListener; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-22 15:00 - 2015-03-22 15:00 - 00023663 _____ () C:\Users\T410\Desktop\FRST.txt 2015-03-19 16:12 - 2015-03-19 16:12 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Avira 2015-03-19 16:11 - 2015-03-17 13:07 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-19 11:51 - 2015-03-22 14:59 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner (2) 2015-03-18 23:48 - 2015-03-18 23:48 - 00012438 _____ () C:\Users\T410\Tool LW AP Tobias.xlsx 2015-03-18 13:09 - 2015-03-18 13:09 - 00000000 _____ () C:\Users\T410\Desktop\021598206984 - Geißler.txt 2015-03-17 16:04 - 2015-03-17 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-17 10:22 - 2015-03-22 15:00 - 00000000 ____D () C:\FRST 2015-03-17 10:21 - 2015-03-17 10:21 - 02095616 _____ (Farbar) C:\Users\T410\Desktop\FRST64.exe 2015-03-17 01:13 - 2015-03-22 14:56 - 00000896 _____ () C:\Windows\setupact.log 2015-03-17 01:13 - 2015-03-19 22:15 - 00008110 _____ () C:\Windows\PFRO.log 2015-03-17 01:13 - 2015-03-17 01:13 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-16 23:32 - 2015-03-22 14:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-16 23:32 - 2015-03-17 16:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 
____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-16 23:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-16 23:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-16 11:57 - 2015-03-16 11:57 - 00000000 _____ () C:\Users\T410\Sti_Trace.log 2015-03-15 22:30 - 2015-03-21 10:39 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner 2015-03-13 22:47 - 2015-03-13 22:47 - 00000046 _____ () C:\Users\T410\Desktop\kdg 1 &1.txt 2015-03-10 23:33 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 23:33 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 23:33 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 23:33 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 23:33 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 23:33 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 23:33 - 2015-02-03 04:34 - 
00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 23:33 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 23:33 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 23:33 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) 
==================== End Of Log ============================ |
23.03.2015, 09:16 | #14 |
/// the machine /// TB trainer | Windows will shut down in one minute Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.03.2015, 13:28 | #15 |
| Windows will shut down in one minute So, first the MBAM log: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.03.2015 Suchlauf-Zeit: 13:03:02 Logdatei: mbam.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.23.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: T410 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 398254 Verstrichene Zeit: 7 Min, 10 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Then the log from AdwCleaner: Code:
# AdwCleaner v4.113 - Bericht erstellt 23/03/2015 um 13:14:08
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-23.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : T410 - T410-PC
# Gestarted von : C:\Users\T410\Downloads\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\T410\AppData\Local\pdfforge
Ordner Gelöscht : C:\Users\T410\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\T410\AppData\Roaming\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\T410\Documents\Updater
Datei Gelöscht : C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 de)

[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14b7a07e8a89-0db3f681483dc88-46544136-0-14b7a07e8a9298\"");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1427449568");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"63502764acd0d54b1ccf6ae84710b2594fe2663a\"");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5844801355");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"bc05dc18f72a5b7f8f0c1a3537edc7aecec453e0\"");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1423681513649");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\T410\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2v635jr3.default\\\\extensions\\\\abs@avir[...]
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=1ccb03569129494aa9a0384794b89d24&tu=10G9y00IL1D33N0&sku=&tstsId=&ver=&&q=");
[2v635jr3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=1ccb03569129494aa9a0384794b89d24&tu=10G9y00IL1D33N0&sku=&tstsId=&ver=&&q=");
[dnpunxya.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=5bc59a3d5ac04b8ab8a0e0d7c1e6dd4a&tu=10G9y00FK1D20F0&sku=&tstsId=&ver=&");
[dnpunxya.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=5bc59a3d5ac04b8ab8a0e0d7c1e6dd4a&tu=10G9y00FK1D20F0&sku=&tstsId=&ver=&");
[dnpunxya.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=5bc59a3d5ac04b8ab8a0e0d7c1e6dd4a&tu=10G9y00FK1D20F0&sku=&tstsId=&ver=&&q=");

*************************

AdwCleaner[R0].txt - [5688 Bytes] - [23/03/2015 13:11:45]
AdwCleaner[S0].txt - [5741 Bytes] - [23/03/2015 13:14:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5800 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Professional x64
Ran by T410 on 23.03.2015 at 13:17:29,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\T410\AppData\Roaming\mozilla\firefox\profiles\2v635jr3.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\T410\AppData\Roaming\mozilla\firefox\profiles\2v635jr3.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\T410\AppData\Roaming\mozilla\firefox\profiles\2v635jr3.default\prefs.js

user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\T410\\\\AppData\\\\Roaming\
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14b7a07e8a89-0db3f681483dc88-46544136-0-14b7a07e8a9298\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1427717767");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"0496c026f5b718736d1fdc96927ac4b7693ea373\"");
user_pref("extensions.safesearch.SAUTH_userid", "5956698156");
user_pref("extensions.safesearch.SAUTH_utoken", "\"4b891aa0e92606f89c81361d4e01ee398a4e833e\"");
user_pref("extensions.safesearch.install", "1427112967148");
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\T410\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2v635jr3.default\

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.03.2015 at 13:21:21,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by T410 (administrator) on T410-PC on 23-03-2015 13:22:21 Running from C:\Users\T410\Desktop Loaded Profiles: T410 (Available profiles: T410) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Beratungstechnologie) C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Oracle Corporation) C:\Program Files (x86)\NuernbergerBT\JDK\jre\bin\BTnetDope01.2015.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Oracle Corporation) C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\oracle.exe () C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Authentec Inc.) 
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe () C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe (sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe (NÜRNBERGER Versicherungsgruppe) C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.Updater.TrayApp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (NUERNBERGER Versicherungsgruppe) C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384296 2013-08-21] (Lenovo.) 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-08-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BTnet Port Communicator] => C:\Program Files (x86)\NuernbergerBT\BT.Net_Listener.exe [976896 2014-12-15] (NUERNBERGER Versicherungsgruppe) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1167360 2009-08-03] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-09] (Memeo Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-17] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-4019914278-3383403226-850106173-1000\...\Run: [Amazon Music] => C:\Users\T410\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] () Lsa: [Notification Packages] scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BasisAutostart.lnk ShortcutTarget: BasisAutostart.lnk -> C:\Programme\Nuernberger\Basis\bin\BasisAutostart.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NÜRNBERGER Autoupdater.lnk ShortcutTarget: NÜRNBERGER Autoupdater.lnk -> C:\Windows\Installer\{F4FD5683-3FBB-4DA1-BBD5-17D7E5CC0472}\Tray.exe (NÜRNBERGER Versicherungsgruppe) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4019914278-3383403226-850106173-1000 -> {76DB03E3-82E0-453E-8523-ADF5ED0A5824} URL = https://www.google.com/search?q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default FF SelectedSearchEngine: Search By ZoneAlarm FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-06] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-06] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.) FF Extension: Avira Browser Safety - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\abs@avira.com [2015-03-09] FF Extension: Adblock Plus - C:\Users\T410\AppData\Roaming\Mozilla\Firefox\Profiles\2v635jr3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-17] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-17] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 BTAVB_KomDienst_Vers_BTnet_0115; C:\Program Files (x86)\NuernbergerBT\BTnet_0115\AVB_Steuerung\BTAVB_KomDienst.exe [17920 2013-04-03] (Beratungstechnologie) [File not signed] R2 BT_InstallationsDienst; C:\Program Files (x86)\NÜRNBERGER Autoupdater\BT.Setup.InstallationsDienst.exe [21072 2015-02-11] (NÜRNBERGER Versicherungsgruppe) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-09-03] (Lenovo.) 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 OracleJobSchedulerBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed] S3 OracleMTSRecoveryService; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed] R2 OracleServiceBASIS; c:\orahomexebasis\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed] S3 OracleXEClrAgent; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed] R2 OracleXETNSListener; C:\OraHomeXEBASIS\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] () [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-10-31] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-09-26] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.) U2 OracleOraHomeXEBASISSTNSListener; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-23 13:22 - 2015-03-23 13:22 - 00023426 _____ () C:\Users\T410\Desktop\FRST.txt 2015-03-23 13:22 - 2015-03-17 10:21 - 02095616 _____ (Farbar) C:\Users\T410\Desktop\FRST64.exe 2015-03-23 13:21 - 2015-03-23 13:21 - 00002200 _____ () C:\Users\T410\Desktop\JRT.txt 2015-03-23 13:16 - 2015-03-23 13:17 - 01388782 _____ (Thisisu) C:\Users\T410\Downloads\JRT.exe 2015-03-23 13:15 - 2015-03-23 13:15 - 00005884 _____ () C:\Users\T410\Desktop\AdwCleaner[S0].txt 2015-03-23 13:11 - 2015-03-23 13:14 - 00000000 ____D () C:\AdwCleaner 2015-03-23 13:11 - 2015-03-23 13:11 - 02168320 _____ () C:\Users\T410\Downloads\AdwCleaner_4.113.exe 2015-03-23 13:10 - 2015-03-23 13:10 - 00001207 _____ () C:\Users\T410\Desktop\mbam.txt 2015-03-23 13:02 - 2015-03-23 13:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-23 13:01 - 2015-03-23 13:01 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\T410\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-23 13:01 - 2015-03-23 13:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-23 13:01 - 2015-03-23 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-23 13:01 - 2015-03-23 13:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-23 13:01 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-23 13:01 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-23 13:01 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-22 16:50 - 2015-03-22 16:50 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner (3) 2015-03-22 14:04 - 2015-03-22 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-19 16:12 - 2015-03-19 16:12 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Avira 2015-03-19 16:11 - 
2015-03-17 13:07 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-19 16:11 - 2015-03-17 13:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-19 11:51 - 2015-03-22 14:59 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner (2) 2015-03-18 23:48 - 2015-03-18 23:48 - 00012438 _____ () C:\Users\T410\Tool LW AP Tobias.xlsx 2015-03-18 13:09 - 2015-03-18 13:09 - 00000000 _____ () C:\Users\T410\Desktop\021598206984 - Geißler.txt 2015-03-17 16:04 - 2015-03-17 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-17 10:22 - 2015-03-23 13:22 - 00000000 ____D () C:\FRST 2015-03-17 01:13 - 2015-03-23 13:14 - 00008712 _____ () C:\Windows\PFRO.log 2015-03-17 01:13 - 2015-03-23 13:14 - 00001008 _____ () C:\Windows\setupact.log 2015-03-17 01:13 - 2015-03-17 01:13 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-16 23:32 - 2015-03-16 23:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-16 11:57 - 2015-03-16 11:57 - 00000000 _____ () C:\Users\T410\Sti_Trace.log 2015-03-15 22:30 - 2015-03-21 10:39 - 00000000 ____D () C:\Users\T410\Desktop\Neuer Ordner 2015-03-13 22:47 - 2015-03-13 22:47 - 00000046 _____ () C:\Users\T410\Desktop\kdg 1 &1.txt 2015-03-10 23:33 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 
00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 23:33 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 23:33 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 23:33 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 23:33 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 23:33 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 23:33 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 23:33 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 23:33 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 23:33 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 23:33 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 23:33 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) 
C:\Windows\system32\AUDIOKSE.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 23:33 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 23:33 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 23:33 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 
23:33 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 23:33 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 23:33 - 2015-02-03 
04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 23:33 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 23:33 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 23:33 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 23:33 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 23:33 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 23:33 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-10 23:33 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-10 23:33 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00519680 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-10 23:33 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msdxm.ocx 2015-03-10 23:33 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-10 23:33 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-10 23:33 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-10 23:33 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-10 23:33 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-10 23:33 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-10 23:33 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 23:33 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 23:33 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 23:33 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 23:33 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 23:33 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 23:33 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 23:32 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 23:32 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 23:32 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 23:32 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 23:32 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 23:32 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 23:32 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 23:32 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 23:32 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 
2015-03-10 23:32 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-10 23:32 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-10 23:32 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-10 23:32 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-10 23:32 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-10 23:32 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-10 23:32 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-10 23:32 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 23:32 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 23:32 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-10 23:32 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 23:32 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-10 23:32 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-10 23:32 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-10 23:32 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-10 23:32 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 23:32 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-10 23:32 - 2015-02-20 04:06 
- 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 23:32 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 23:32 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 23:32 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 23:32 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 23:32 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 23:32 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 23:32 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 23:32 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 23:32 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 23:32 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 23:32 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 23:32 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 23:32 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 23:32 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 23:32 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 23:32 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 23:32 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 
2015-03-10 23:32 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-10 23:32 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-10 23:32 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-10 23:32 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 23:32 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-10 23:32 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-10 23:32 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-10 23:32 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-10 23:32 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-10 23:32 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-10 23:32 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 23:32 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 23:32 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 23:32 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 23:32 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 23:32 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 
2015-03-10 23:32 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-10 23:32 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-10 23:32 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 23:32 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-10 23:32 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-10 23:32 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-10 23:32 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 23:32 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 23:32 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-10 23:32 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-10 23:32 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-10 23:32 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 23:32 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-10 23:32 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 23:32 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 23:32 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-10 23:31 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 23:31 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-09 22:44 - 
2015-03-11 13:56 - 00000000 ___HD () C:\_Memeo 2015-03-09 22:44 - 2015-03-09 22:44 - 00000000 ____D () C:\ProgramData\MemeoCommon 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\Users\T410\AppData\Roaming\Memeo 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo 2015-03-09 21:15 - 2015-03-09 21:15 - 00000000 ____D () C:\Program Files (x86)\Memeo 2015-03-07 17:19 - 2015-03-07 17:19 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2015-03-06 20:13 - 2015-03-19 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-06 20:13 - 2015-03-19 16:11 - 00000000 ____D () C:\ProgramData\Avira 2015-03-06 19:35 - 2015-03-06 19:35 - 00002213 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk 2015-03-06 19:35 - 2015-03-06 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015 2015-03-06 19:35 - 2015-02-25 09:25 - 00041784 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe 2015-03-06 19:35 - 2015-02-25 09:24 - 00030520 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll 2015-03-06 19:35 - 2015-02-25 09:24 - 00025912 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll 2015-03-06 19:33 - 2015-03-06 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-03-06 19:32 - 2015-03-06 19:33 - 00000000 ____D () C:\Users\T410\AppData\Local\AvgSetupLog 2015-03-06 13:12 - 2015-03-06 13:12 - 00000000 ____D () C:\Users\T410\AppData\Local\Macromedia 2015-03-06 13:11 - 2015-03-06 13:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-06 13:11 - 2015-03-06 13:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-06 13:11 - 2015-03-06 13:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-03-06 13:11 - 2015-03-06 13:11 - 00000000 
____D () C:\Windows\system32\Macromed 2015-03-06 11:40 - 2015-03-22 16:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2015-03-04 09:15 - 2015-03-04 09:15 - 00001077 _____ () C:\Users\Public\Desktop\NÜRNBERGER BTnet 01.2015.lnk 2015-03-04 09:15 - 2015-03-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTnet 01.2015 2015-02-25 13:42 - 2015-02-25 13:42 - 00000000 ____D () C:\Users\Stephan 2015-02-25 13:36 - 2015-02-25 13:44 - 00012694 _____ () C:\Windows\BASIS_Server.pdv 2015-02-25 13:36 - 2015-02-25 13:36 - 00001591 _____ () C:\Users\Public\Desktop\BASIS.lnk 2015-02-25 13:36 - 2015-02-25 13:36 - 00000059 _____ () C:\Windows\BASIS_VB_Client.pdv 2015-02-25 13:36 - 2015-02-25 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BASIS 2015-02-25 13:36 - 2015-02-25 13:36 - 00000000 ____D () C:\Program Files\JavaSoft 2015-02-25 13:36 - 2015-02-12 15:25 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-02-25 13:36 - 2015-02-12 15:25 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-02-25 13:36 - 2015-02-12 15:25 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-02-25 13:36 - 2001-08-27 16:41 - 00007568 _____ (pdv) C:\Windows\SysWOW64\Sysres16.exe 2015-02-25 13:36 - 2001-05-23 14:13 - 00221184 _____ () C:\Windows\SysWOW64\MSWLESS.oca 2015-02-25 13:36 - 2001-05-16 09:53 - 00022016 _____ () C:\Windows\SysWOW64\MSWINSCK.oca 2015-02-25 13:36 - 2001-03-19 21:42 - 00017920 _____ () C:\Windows\SysWOW64\sqaote32.oca 2015-02-25 13:36 - 2000-10-19 18:07 - 01101312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2015-02-25 13:36 - 2000-08-29 00:00 - 00516173 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcp60d.dll 2015-02-25 13:36 - 2000-07-15 00:00 - 00929844 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42d.dll 2015-02-25 13:36 - 2000-07-15 00:00 - 00798773 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\Mfco42d.dll 2015-02-25 13:36 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx 2015-02-25 13:36 - 2000-05-22 01:00 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx 2015-02-25 13:36 - 2000-05-22 01:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswinsck.ocx 2015-02-25 13:36 - 2000-03-22 23:02 - 00074000 _____ (Rational Software) C:\Windows\SysWOW64\sqaote32.ocx 2015-02-25 13:36 - 1999-12-10 14:00 - 00537360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll 2015-02-25 13:36 - 1999-12-10 14:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrnde.dll 2015-02-25 13:36 - 1999-05-07 13:24 - 00645616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx 2015-02-25 13:36 - 1999-05-07 00:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx 2015-02-25 13:36 - 1999-03-23 01:00 - 00401484 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcrtd.dll 2015-02-25 13:36 - 1999-02-23 02:25 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GAPI32.DLL 2015-02-25 13:36 - 1998-06-24 19:56 - 00386872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mswless.ocx 2015-02-25 13:36 - 1995-08-15 01:00 - 00935632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40016.dll 2015-02-25 13:36 - 1995-08-15 01:00 - 00536048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oc25.dll 2015-02-25 13:35 - 2015-02-25 13:35 - 00024406 _____ () C:\log.LOG 2015-02-25 13:28 - 2015-03-06 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 10g Express Edition 2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio .NET 2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\OraHomeXEBASIS 2015-02-25 13:26 - 2015-02-25 13:26 - 00000000 ____D () C:\Program Files\Nuernberger 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () 
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files\iTunes 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files\iPod 2015-02-23 18:33 - 2015-02-23 18:33 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-23 18:24 - 2015-02-23 18:24 - 00000000 ____D () C:\Program Files (x86)\Nuernberger 2015-02-22 21:45 - 2015-02-22 21:45 - 00002425 _____ () C:\Users\Public\Desktop\NÜRNBERGER BTplus 01.2015.lnk 2015-02-22 21:44 - 2015-02-22 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTplus 01.2015 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-23 13:22 - 2009-07-14 05:45 - 00023104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-23 13:22 - 2009-07-14 05:45 - 00023104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-23 13:21 - 2011-04-12 08:26 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-03-23 13:21 - 2011-04-12 08:26 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-03-23 13:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-23 13:19 - 2013-11-09 12:20 - 01488607 _____ () C:\Windows\WindowsUpdate.log 2015-03-23 13:18 - 2015-02-11 21:07 - 00000000 ____D () C:\Users\T410\Outlook 2015-03-23 13:14 - 2015-02-11 20:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-23 13:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-23 12:51 - 2015-02-20 17:14 - 00000000 ____D () C:\Users\T410\Desktop\Aktenablage 2015-03-20 21:17 - 2013-11-09 12:49 - 00000000 ____D () C:\Users\T410 2015-03-20 15:21 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\Anschreiben Tobi 2015-03-20 14:05 - 2015-02-11 22:50 - 00000000 
____D () C:\Users\T410\NBG_Kunden 2015-03-20 12:55 - 2015-02-12 10:20 - 00157696 _____ () C:\Users\T410\Antragsstatistik 2014.xls 2015-03-20 12:53 - 2015-02-12 10:20 - 00099840 _____ () C:\Users\T410\Antragsstatistik 2015.xls 2015-03-20 10:47 - 2015-02-12 12:45 - 00000336 _____ () C:\Windows\BRCALIB.INI 2015-03-19 16:11 - 2015-02-11 20:04 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-19 15:06 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\BT-NET Angebote 2015-03-16 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-15 22:10 - 2015-02-11 22:58 - 00000000 ____D () C:\Users\T410\Verkaufsunterstützung 2015-03-15 22:10 - 2015-02-11 22:51 - 00000000 ____D () C:\Users\T410\others 2015-03-15 21:56 - 2015-02-11 22:54 - 00000000 ____D () C:\Users\T410\Privat 2015-03-15 13:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-15 13:16 - 2015-02-11 23:01 - 00000000 ____D () C:\Users\T410\Aktionen 2015-03-15 12:58 - 2015-02-11 23:17 - 00000000 ____D () C:\Users\T410\AppData\Roaming\vlc 2015-03-15 12:19 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Vorgänge 2015-03-15 12:02 - 2015-02-12 15:35 - 00067072 ___SH () C:\Users\T410\Thumbs.db 2015-03-15 11:57 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Agentur 2015-03-11 14:56 - 2015-02-11 20:18 - 00000000 ____D () C:\ProgramData\AVG 2015-03-11 13:55 - 2015-02-12 10:22 - 00000000 ____D () C:\Users\T410\Desktop\CLEFFMANN 2015-03-11 12:53 - 2009-07-14 05:45 - 00414016 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 12:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-10 23:46 - 2015-02-11 20:28 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-10 23:43 - 2013-11-09 18:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-10 23:42 - 2013-11-09 18:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-09 19:40 - 
2015-02-11 22:57 - 00000000 ____D () C:\Users\T410\Schäden 2015-03-07 23:26 - 2015-02-11 22:48 - 00000000 ____D () C:\Users\T410\Kunden 2015-03-06 20:13 - 2015-02-11 20:04 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-06 19:33 - 2015-02-11 20:19 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-03-06 13:12 - 2015-02-11 23:17 - 00000000 ____D () C:\Users\T410\AppData\Local\Adobe 2015-03-06 12:45 - 2015-02-11 23:02 - 00000000 ____D () C:\Users\T410\Analysebögen 2015-03-06 11:45 - 2015-02-11 22:59 - 00000000 ____D () C:\Users\T410\Word 2015-03-05 12:34 - 2015-02-11 22:48 - 00000000 ____D () C:\Users\T410\Femdkündigungen 2015-03-04 16:16 - 2015-02-11 22:50 - 00000000 ____D () C:\Users\T410\Kundeninfo NÜRNBERGER 2015-02-26 17:32 - 2013-11-09 12:50 - 00000000 ____D () C:\Users\T410\AppData\Local\VirtualStore 2015-02-25 13:38 - 2013-11-09 12:56 - 00109680 _____ () C:\Users\T410\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-25 13:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-02-25 13:29 - 2013-11-09 18:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-23 18:33 - 2015-02-12 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-23 18:33 - 2015-02-12 10:05 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-23 15:33 - 2015-02-12 15:13 - 00000000 ____D () C:\ProgramData\firebird 2015-02-22 21:44 - 2015-02-12 14:24 - 00000000 ____D () C:\Program Files (x86)\NuernbergerBT Some content of TEMP: ==================== C:\Users\T410\AppData\Local\Temp\avgnt.exe C:\Users\T410\AppData\Local\Temp\jna1340255804405596556.dll C:\Users\T410\AppData\Local\Temp\jna1615681904888754662.dll C:\Users\T410\AppData\Local\Temp\jna1761454685846925257.dll C:\Users\T410\AppData\Local\Temp\jna4430703681249877595.dll C:\Users\T410\AppData\Local\Temp\jna4916808359591947252.dll C:\Users\T410\AppData\Local\Temp\jna6168455337049845658.dll 
C:\Users\T410\AppData\Local\Temp\jna6872570906309590146.dll
C:\Users\T410\AppData\Local\Temp\jna8228884189022089730.dll
C:\Users\T410\AppData\Local\Temp\jna936127118835964817.dll
C:\Users\T410\AppData\Local\Temp\Quarantine.exe
C:\Users\T410\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-19 10:41

==================== End Of Log ============================ |