Pests of all kinds and how to fight them: Detection: Loader.jar, detection: EXP/Java.Ternewb.Gen
Windows 7
24.03.2015, 18:25 | #1 |
Detection: Loader.jar, detection: EXP/Java.Ternewb.Gen

Hello dear Trojaner-Board community!

Yesterday I received an e-mail saying that someone had gained access to my Yahoo account, from the U.S.A. I changed my password immediately, but since I wasn't at home, I didn't run a virus scan. The next day I received another e-mail saying that someone had tried to gain access to my Twitch account, and I was asked to change my password at the next login. I have changed the password for my online banking; so far nothing has been debited. Can something still happen there?

Since in my 10 years of life I have never had any serious trouble with viruses or the like (on my devices), all of this seemed very strange to me. This morning I had Avira scan everything possible. When I came home 20 minutes ago, the following results were there.

Detections: 1
Warnings: 2 (what do these warnings mean?)

The detection is the following file: EXP/Java.Ternewb.Gen
In addition, the "Errors" tab says that C:\Swapfile.sys could not be opened.

The search engine doesn't turn up anything that I can understand or that describes this virus in more detail. However, I found a thread where a similarly named (Ternub) file was mentioned. There it was suggested to set the computer up again from scratch.

The device in question is a Lenovo ideapad u330p (ordered from Cyberport). Just under 4 months old. Pre-built device with Windows 8, no software CD available.

I haven't installed much so far:
Open Office
Osbuddy (a client for playing an MMO called Runescape, for which many people say that viruses are falsely detected)
Steam
Mozilla Firefox
Avira (Edit: the free version)
Spybot Search & Destroy

Please help and give me some information!
Best regards, M

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 24. März 2015 10:46

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.2.9200]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DONQUIXOTE_D

Versionsinformationen:
Engineversion : 8.3.30.4

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 24. März 2015 10:46

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:

Untersuchung der Systemdateien wird begonnen:
Die Systemdateien wurden durchsucht ('34' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2482' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows8_OS>
C:\swapfile.sys
    [WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Users\Max\OSBuddy\loader.jar
    [0] Archivtyp: ZIP
    --> com/ggnoreyd.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Suche in 'D:\' <LENOVO>

Beginne mit der Desinfektion:
C:\Users\Max\OSBuddy\loader.jar
    [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternewb.Gen
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5311030e.qua' verschoben!

Ende des Suchlaufs: Dienstag, 24. März 2015 18:35
Benötigte Zeit: 2:10:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

40608 Verzeichnisse wurden überprüft
768497 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
768495 Dateien ohne Befall
6156 Archive wurden durchsucht
2 Warnungen
1 Hinweise
1384 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Last edited by himynameis (24.03.2015 at 18:43)
24.03.2015, 18:46 | #2 |
/// the machine /// TB instructor

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
24.03.2015, 19:52 | #3 |
Done, here are the .txt files.

I'm currently scanning my main computer, which shouldn't have any junk on it, with Avira as well.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Max (administrator) on DONQUIXOTE_D on 24-03-2015 18:47:55
Running from C:\Users\Max\Downloads
Loaded Profiles: Max (Available profiles: Max)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-06] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-06] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> DefaultScope {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll 
[2015-01-01] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-03-19] FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20] Chrome: ======= CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06] CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06] CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06] CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06] CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06] CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06] CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30] CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06] CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-06] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.) 
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] () R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-24 18:47 - 2015-03-24 18:48 - 00020080 _____ () C:\Users\Max\Downloads\FRST.txt 2015-03-24 18:47 - 2015-03-24 18:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2015-03-24 18:47 - 2015-03-24 18:47 - 00000000 ____D () C:\FRST 2015-03-10 21:01 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-10 21:01 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-10 21:01 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-10 21:01 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-10 21:01 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-10 20:59 - 2015-01-30 04:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys 2015-03-10 20:59 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-10 20:59 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-03-10 20:59 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2015-03-10 20:59 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2015-03-10 20:59 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-03-10 20:59 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe 2015-03-10 19:59 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-03-10 19:59 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-10 19:59 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-10 19:59 - 2015-02-20 04:03 - 
00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-10 19:59 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-10 19:59 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-10 19:59 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-10 19:59 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-10 19:59 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-10 19:59 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-10 19:59 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-10 19:59 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-10 19:59 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-10 19:59 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-10 19:59 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-10 19:59 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-03-10 19:59 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-10 19:59 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-10 19:59 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-10 19:59 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-10 19:59 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-10 19:58 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtml.dll 2015-03-10 19:58 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-10 19:58 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-10 19:58 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-10 19:58 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-10 19:58 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-10 19:58 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-10 19:58 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-10 19:58 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-10 19:58 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-10 19:58 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-10 19:58 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-03-10 19:58 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-10 19:58 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-10 19:58 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-10 19:58 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-10 19:58 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-10 19:58 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-10 19:58 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\inetcomm.dll 2015-03-10 19:58 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-10 19:58 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-10 19:58 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-10 19:58 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-10 19:58 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-10 19:58 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-10 19:58 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-10 19:58 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-10 19:58 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-10 19:58 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-10 19:58 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-10 19:58 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-10 19:58 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-10 19:58 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-03-10 19:58 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-10 19:58 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-10 19:58 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-10 19:58 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-10 19:58 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-10 19:58 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-10 19:58 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-10 19:58 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-10 19:57 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-10 19:57 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-10 19:57 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-10 19:57 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-24 18:44 - 2014-12-26 01:01 - 00000000 ____D () C:\Users\Max\OSBuddy 2015-03-24 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-24 17:55 - 2014-11-06 16:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-24 12:11 - 2014-07-06 22:06 - 01682780 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-24 10:36 - 2014-11-03 14:41 - 00000000 ____D () C:\Users\Max\AppData\Local\Pokki 2015-03-24 10:35 - 2014-11-06 16:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-24 10:35 - 2014-11-03 14:45 - 00000000 ___DO () C:\Users\Max\OneDrive 2015-03-22 21:26 - 2013-08-22 15:46 - 00049788 _____ () C:\WINDOWS\setupact.log 2015-03-22 21:15 - 2014-12-21 12:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat 2015-03-22 15:52 - 2015-02-01 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-21 20:21 - 2014-11-03 14:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001 2015-03-21 19:56 - 2014-11-06 16:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-20 02:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-19 21:39 - 2014-11-26 15:55 - 00000000 ____D () C:\Program Files (x86)\Razer 2015-03-19 21:39 - 2014-07-06 23:26 - 00000000 ____D () C:\ProgramData\Energy Manager 2015-03-12 13:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-11 12:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-11 12:18 - 2013-08-22 15:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-11 12:17 - 2014-03-18 10:44 - 00148610 _____ () C:\WINDOWS\PFRO.log 2015-03-11 03:34 - 2014-07-06 23:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf 2015-03-11 03:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-11 03:33 - 
2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-11 03:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-10 23:26 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-10 23:25 - 2014-11-07 23:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-10 23:19 - 2014-11-07 23:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-10 19:53 - 2014-11-29 18:13 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-03-10 19:53 - 2014-11-29 18:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-03-10 19:53 - 2014-11-29 18:08 - 00128536 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-03-08 19:16 - 2014-07-07 07:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-03-08 19:16 - 2014-07-07 07:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-03-08 19:16 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-05 21:41 - 2014-11-29 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-05 21:41 - 2014-11-29 18:03 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-05 21:41 - 2014-07-06 22:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-04 22:24 - 2014-11-16 11:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 22:24 - 2014-11-16 11:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-28 20:36 - 2014-11-03 14:41 - 00000000 ____D () C:\Users\Max ==================== Files in the root of some directories ======= 2014-07-06 22:48 - 2014-07-06 22:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Users\Max\jagex_cl_oldschool_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE1.dat C:\Users\Max\random.dat Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-23 23:40 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Max at 2015-03-24 18:48:43 Running from C:\Users\Max\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) 
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Energy Manager (x32 Version: 1.0.0.32 - Lenovo) Hidden Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Host App Service (HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Pokki) (Version: 0.269.7.573 - Pokki) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{8B4EA042-9E21-46FB-8286-225F4D51CC52}) (Version: 4.2.41.2710 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.) Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - Ihr Firmenname) Lenovo Motion Control (x32 Version: 2.0.0.0807 - Ihr Firmenname) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.27.3 - ELAN Microelectronic Corp.) 
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft 
Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla) Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
Start Menu (HKU\S-1-5-21-4212791573-526093383-3597010243-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 24-03-2015 13:01:09 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2014-11-17 20:06 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {42B31502-00C5-4A2B-8C54-B353B26DF556} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {43E88633-734E-4F81-9357-D2BEFD58B2FD} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-10-14] (Maxthon International ltd.) 
Task: {770B8E72-3A0D-479A-A6A8-693CB96351D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.) Task: {852F7A92-F9BC-4488-9039-4AA8B48BF47D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-10] (Microsoft Corporation) Task: {AD33900E-885F-4EF1-AC8B-FF0B0D526E5D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CDA298C1-DE4E-4EA9-8085-6026B37F40B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {D98E9C29-B068-4C39-81DF-9D720258875A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.) Task: {E1BAE734-7D03-419A-8784-A6C222B885F0} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4212791573-526093383-3597010243-1001 Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-07-06 23:23 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-07-06 23:24 - 2014-07-06 23:24 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo 
VeriFace\VfConnectorService.exe 2014-07-06 23:24 - 2014-07-06 23:24 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll 2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-01-20 14:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-01-20 14:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-01-20 14:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-01-20 14:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-01-20 14:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-07-06 22:34 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-08-07 15:12 - 2013-08-07 15:12 - 02428416 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax 2015-03-21 19:56 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-21 19:56 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-21 19:56 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll 2015-03-21 19:56 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-4212791573-526093383-3597010243-500 - Administrator - Disabled) Gast (S-1-5-21-4212791573-526093383-3597010243-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4212791573-526093383-3597010243-1003 - Limited - Enabled) Max (S-1-5-21-4212791573-526093383-3597010243-1001 - Administrator - Enabled) => C:\Users\Max ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 454) (User: ) Description: svchost (7564) Instance: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf. Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:50 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:40 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:30 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. 
Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:20 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:10 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:16:00 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/24/2015 00:15:50 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error: (03/24/2015 00:15:40 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (7564) Instance: Versuch, Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. System errors: ============= Error: (03/24/2015 11:55:50 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105. Error: (03/22/2015 05:44:45 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/22/2015 05:44:45 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/22/2015 05:44:42 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/22/2015 05:44:42 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/22/2015 05:44:37 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82} Error: (03/11/2015 07:34:35 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (03/11/2015 02:32:44 PM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82} Error: (03/11/2015 03:32:53 AM) (Source: DCOM) (EventID: 10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/11/2015 03:32:53 AM) (Source: DCOM) (EventID: 
10010) (User: DONQUIXOTE_D) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Microsoft Office Sessions: ========================= Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 454) (User: ) Description: svchost7564Instance: -1032 Error: (03/24/2015 00:17:00 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:16:50 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:16:40 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:16:30 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:16:20 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (03/24/2015 00:16:10 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:16:00 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:15:50 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (03/24/2015 00:15:40 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost7564Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. CodeIntegrity Errors: =================================== Date: 2015-01-07 18:46:34.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 21:32:17.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-11-26 21:31:55.192 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-11-26 21:29:22.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-26 21:29:20.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 4019.27 MB
Available physical RAM: 1428.97 MB
Total Pagefile: 5908.51 MB
Available Pagefile: 2412.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:424.14 GB) (Free:388.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 539E40C5)
Partition: GPT Partition Type.

==================== End Of Log ============================

I'm sorry for double posting, but the following has just happened. It seems I have viruses on my main computer as well; 8 have been found so far, which totally shocks me! (Among others, JAVA.Ternewb.Gen was found there too.) It will probably take another hour until the whole PC has been scanned. Can I then post logs in this topic as well, or should I open a new thread? I'm sorry if starting with the laptop was the wrong approach. |
25.03.2015, 12:30 | #4 |
/// the machine /// TB instructor | Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Please open a new topic for the other computer. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.03.2015, 14:03 | #5 |
| Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Malwarebytes says: Scan finished. No malware found! Should I continue with TDSSKiller? |
26.03.2015, 19:28 | #6 |
/// the machine /// TB instructor | Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Yep. |
27.03.2015, 18:33 | #7 |
| Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Okay, so TDSS didn't find anything either. Here is the log. Code:
18:12:26.0065 0x19c8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:12:26.0065 0x19c8 UEFI system
18:12:33.0004 0x19c8 ============================================================
18:12:33.0004 0x19c8 Current date / time: 2015/03/27 18:12:33.0004
18:12:33.0004 0x19c8 SystemInfo:
18:12:33.0004 0x19c8
18:12:33.0004 0x19c8 OS Version: 6.3.9600 ServicePack: 0.0
18:12:33.0004 0x19c8 Product type: Workstation
18:12:33.0004 0x19c8 ComputerName: DONQUIXOTE_D
18:12:33.0004 0x19c8 UserName: Max
18:12:33.0004 0x19c8 Windows directory: C:\WINDOWS
18:12:33.0004 0x19c8 System windows directory: C:\WINDOWS
18:12:33.0004 0x19c8 Running under WOW64
18:12:33.0004 0x19c8 Processor architecture: Intel x64
18:12:33.0004 0x19c8 Number of processors: 4
18:12:33.0004 0x19c8 Page size: 0x1000
18:12:33.0004 0x19c8 Boot type: Normal boot
18:12:33.0004 0x19c8 ============================================================
18:12:33.0160 0x19c8 KLMD registered as C:\WINDOWS\system32\drivers\78600274.sys
18:12:33.0754 0x19c8 System UUID: {D45413D8-F926-007F-D338-F812C77F57FB}
18:12:34.0989 0x19c8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:12:35.0004 0x19c8 ============================================================
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0:
18:12:35.0004 0x19c8 GPT partitions:
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CB0D42D6-F61D-4703-8693-02B7785B6254}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0BE8BD54-2EC5-4A07-8E36-61FA08BC3161}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {652066B3-BFE1-4BDC-8276-7DFC95BB5CA4}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {00D5DD85-C6FC-4C57-81FC-D72729E267B1}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96764A33-FF7B-4D48-B5CF-39072EC9B9AE}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x35046000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8DCA223E-DCCC-415A-99EA-4A7F29CC98D7}, Name: Basic data partition, StartLBA 0x354F0800, BlocksNum 0x3200000
18:12:35.0004 0x19c8 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {378341F9-F0A4-4B5F-9E86-9F52DC261B8E}, Name: Basic data partition, StartLBA 0x386F0800, BlocksNum 0x1C95800
18:12:35.0004 0x19c8 MBR partitions:
18:12:35.0004 0x19c8 ============================================================
18:12:35.0004 0x19c8 C: <-> \Device\Harddisk0\DR0\Partition5
18:12:35.0051 0x19c8 D: <-> \Device\Harddisk0\DR0\Partition6
18:12:35.0051 0x19c8 ============================================================
18:12:35.0051 0x19c8 Initialize success
18:12:35.0051 0x19c8 ============================================================
18:13:09.0846 0x19a0 ============================================================
18:13:09.0846 0x19a0 Scan started
18:13:09.0846 0x19a0 Mode: Manual; SigCheck; TDLFS;
18:13:09.0846 0x19a0 ============================================================
18:13:09.0846 0x19a0 KSN ping started
18:13:12.0230 0x19a0 KSN ping finished: true
18:13:12.0875 0x19a0 ================ Scan system memory ========================
18:13:12.0875 0x19a0 System memory - ok
18:13:12.0875 
0x19a0 ================ Scan services ============================= 18:13:12.0976 0x19a0 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 18:13:13.0085 0x19a0 1394ohci - ok 18:13:13.0116 0x19a0 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 18:13:13.0139 0x19a0 3ware - ok 18:13:13.0188 0x19a0 [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 18:13:13.0223 0x19a0 ACPI - ok 18:13:13.0237 0x19a0 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 18:13:13.0256 0x19a0 acpiex - ok 18:13:13.0262 0x19a0 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 18:13:13.0295 0x19a0 acpipagr - ok 18:13:13.0299 0x19a0 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 18:13:13.0341 0x19a0 AcpiPmi - ok 18:13:13.0346 0x19a0 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 18:13:13.0379 0x19a0 acpitime - ok 18:13:13.0413 0x19a0 [ AF7A18603B0B82DFA5B420456FAF2201, 64AD831433778BB0B0B1615EEA7682960ED5815A091A9EFEE95A862EFBDE6D69 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys 18:13:13.0420 0x19a0 ACPIVPC - ok 18:13:13.0444 0x19a0 [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock C:\WINDOWS\system32\DRIVERS\acsock64.sys 18:13:13.0444 0x19a0 acsock - ok 18:13:13.0491 0x19a0 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 
80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 18:13:13.0522 0x19a0 ADP80XX - ok 18:13:13.0554 0x19a0 [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll 18:13:13.0601 0x19a0 AeLookupSvc - ok 18:13:13.0663 0x19a0 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys 18:13:13.0710 0x19a0 AFD - ok 18:13:13.0710 0x19a0 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys 18:13:13.0726 0x19a0 agp440 - ok 18:13:13.0757 0x19a0 [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys 18:13:13.0854 0x19a0 ahcache - ok 18:13:13.0868 0x19a0 [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG C:\WINDOWS\System32\alg.exe 18:13:13.0946 0x19a0 ALG - ok 18:13:13.0963 0x19a0 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 18:13:14.0012 0x19a0 AmdK8 - ok 18:13:14.0051 0x19a0 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 18:13:14.0103 0x19a0 AmdPPM - ok 18:13:14.0114 0x19a0 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 18:13:14.0126 0x19a0 amdsata - ok 18:13:14.0136 0x19a0 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 18:13:14.0154 0x19a0 amdsbs - ok 18:13:14.0160 0x19a0 [ 
CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 18:13:14.0170 0x19a0 amdxata - ok 18:13:14.0274 0x19a0 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:13:14.0306 0x19a0 AntiVirSchedulerService - ok 18:13:14.0321 0x19a0 [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:13:14.0337 0x19a0 AntiVirService - ok 18:13:14.0337 0x19a0 [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID C:\WINDOWS\system32\drivers\appid.sys 18:13:14.0384 0x19a0 AppID - ok 18:13:14.0384 0x19a0 [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 18:13:14.0399 0x19a0 AppIDSvc - ok 18:13:14.0399 0x19a0 [ 7667B9D81EA8FD6540E6CF72F92161A6, 98F3D0E376F715EBE083FE112CAA640BCE0F13DCE0F244D059D7FA019EA3D24C ] Appinfo C:\WINDOWS\System32\appinfo.dll 18:13:14.0446 0x19a0 Appinfo - ok 18:13:14.0462 0x19a0 [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 18:13:14.0524 0x19a0 AppReadiness - ok 18:13:14.0556 0x19a0 [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll 18:13:14.0634 0x19a0 AppXSvc - ok 18:13:14.0649 0x19a0 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 18:13:14.0649 0x19a0 arcsas - ok 18:13:14.0665 0x19a0 [ 74B14192CF79A72F7536B27CB8814FBD, 
0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 18:13:14.0681 0x19a0 atapi - ok 18:13:14.0681 0x19a0 [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 18:13:14.0712 0x19a0 AudioEndpointBuilder - ok 18:13:14.0759 0x19a0 [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 18:13:14.0846 0x19a0 Audiosrv - ok 18:13:14.0857 0x19a0 [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 18:13:14.0873 0x19a0 avgntflt - ok 18:13:14.0883 0x19a0 [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 18:13:14.0897 0x19a0 avipbb - ok 18:13:14.0943 0x19a0 [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 18:13:14.0959 0x19a0 Avira.OE.ServiceHost - ok 18:13:14.0965 0x19a0 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 18:13:14.0977 0x19a0 avkmgr - ok 18:13:14.0998 0x19a0 [ 943B743BEA5AE4EEA43250FFCC99C522, 387966A350796EFB6682A975D66F057B622296F6ADF4AFCEECD9F775BA97BFE6 ] AX88772 C:\WINDOWS\system32\DRIVERS\ax88772.sys 18:13:15.0043 0x19a0 AX88772 - ok 18:13:15.0052 0x19a0 [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 18:13:15.0071 0x19a0 AxInstSV - ok 18:13:15.0114 0x19a0 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv 
C:\WINDOWS\system32\drivers\bxvbda.sys 18:13:15.0141 0x19a0 b06bdrv - ok 18:13:15.0161 0x19a0 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 18:13:15.0179 0x19a0 BasicDisplay - ok 18:13:15.0195 0x19a0 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 18:13:15.0210 0x19a0 BasicRender - ok 18:13:15.0210 0x19a0 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 18:13:15.0210 0x19a0 bcmfn2 - ok 18:13:15.0242 0x19a0 [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 18:13:15.0273 0x19a0 BDESVC - ok 18:13:15.0304 0x19a0 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys 18:13:15.0382 0x19a0 Beep - ok 18:13:15.0445 0x19a0 [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE C:\WINDOWS\System32\bfe.dll 18:13:15.0492 0x19a0 BFE - ok 18:13:15.0570 0x19a0 [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS C:\WINDOWS\System32\qmgr.dll 18:13:15.0688 0x19a0 BITS - ok 18:13:15.0755 0x19a0 [ 4D87518BA68C308299441337C55F5427, AE46F847EE605213A3AE9BEFE5EB0B7B8D877340EA1A6CF9EF5683A02ECFE399 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 18:13:15.0793 0x19a0 Bluetooth Device Monitor - ok 18:13:15.0830 0x19a0 [ 19786E2114E2FCB4EAA30808E9D4FB9A, FCBD15EA7CB0B22DA9ABFACF95DE877042201C85EBC219F5204E12F76E8DBC09 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 18:13:15.0868 0x19a0 Bluetooth OBEX Service - ok 18:13:15.0884 
0x19a0 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 18:13:15.0929 0x19a0 bowser - ok 18:13:15.0939 0x19a0 [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 18:13:15.0968 0x19a0 BrokerInfrastructure - ok 18:13:15.0976 0x19a0 [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser C:\WINDOWS\System32\browser.dll 18:13:15.0998 0x19a0 Browser - ok 18:13:15.0998 0x19a0 [ F4CB6F457D019857C8DB6F04CA2957F5, D9E7DD49AF9C38D1696045F6004E1B504A65227B41256961E28A8DCA9B068EA9 ] BthA2DP C:\WINDOWS\system32\drivers\BthA2DP.sys 18:13:16.0029 0x19a0 BthA2DP - ok 18:13:16.0045 0x19a0 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 18:13:16.0060 0x19a0 BthAvrcpTg - ok 18:13:16.0107 0x19a0 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys 18:13:16.0107 0x19a0 BthEnum - ok 18:13:16.0123 0x19a0 [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 18:13:16.0154 0x19a0 BthHFEnum - ok 18:13:16.0170 0x19a0 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 18:13:16.0170 0x19a0 bthhfhid - ok 18:13:16.0217 0x19a0 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys 18:13:16.0232 0x19a0 BthLEEnum - ok 18:13:16.0248 0x19a0 [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] 
BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 18:13:16.0263 0x19a0 BTHMODEM - ok 18:13:16.0279 0x19a0 [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys 18:13:16.0295 0x19a0 BthPan - ok 18:13:16.0357 0x19a0 [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys 18:13:16.0482 0x19a0 BTHPORT - ok 18:13:16.0482 0x19a0 [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv C:\WINDOWS\system32\bthserv.dll 18:13:16.0513 0x19a0 bthserv - ok 18:13:16.0529 0x19a0 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys 18:13:16.0545 0x19a0 BTHUSB - ok 18:13:16.0576 0x19a0 [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux C:\WINDOWS\system32\DRIVERS\btmaux.sys 18:13:16.0576 0x19a0 btmaux - ok 18:13:16.0638 0x19a0 [ 7B31A8A9DC95B3634D896FD0F2814F19, 8FD5FBC61968F4BB8C2BAD0D432D5B86DCFED38CCF6F559F9EFB71AADD25474F ] btmhsf C:\WINDOWS\system32\DRIVERS\btmhsf.sys 18:13:16.0662 0x19a0 btmhsf - ok 18:13:16.0724 0x19a0 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 18:13:16.0771 0x19a0 cdfs - ok 18:13:16.0787 0x19a0 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 18:13:16.0834 0x19a0 cdrom - ok 18:13:16.0865 0x19a0 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 18:13:16.0927 0x19a0 CertPropSvc - ok 18:13:16.0943 0x19a0 [ BE9936EDD3267FAAFF94A7835867F00B, 
3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 18:13:16.0974 0x19a0 circlass - ok 18:13:17.0021 0x19a0 [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 18:13:17.0037 0x19a0 CLFS - ok 18:13:17.0052 0x19a0 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 18:13:17.0084 0x19a0 CmBatt - ok 18:13:17.0146 0x19a0 [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 18:13:17.0177 0x19a0 CNG - ok 18:13:17.0193 0x19a0 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys 18:13:17.0209 0x19a0 CompositeBus - ok 18:13:17.0224 0x19a0 COMSysApp - ok 18:13:17.0224 0x19a0 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys 18:13:17.0240 0x19a0 condrv - ok 18:13:17.0318 0x19a0 [ D5F868A46AED8E7CAD6C30E0599DD100, F016C3BAC207B5A513CB28E78F93D1347398B9BEEF8D1A32339D034AFB74CF6C ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 18:13:17.0318 0x19a0 cphs - ok 18:13:17.0334 0x19a0 [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 18:13:17.0365 0x19a0 CryptSvc - ok 18:13:17.0396 0x19a0 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys 18:13:17.0412 0x19a0 dam - ok 18:13:17.0443 0x19a0 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 18:13:17.0474 0x19a0 DcomLaunch - 
ok 18:13:17.0490 0x19a0 [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 18:13:17.0521 0x19a0 defragsvc - ok 18:13:17.0537 0x19a0 [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll 18:13:17.0599 0x19a0 DeviceAssociationService - ok 18:13:17.0599 0x19a0 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 18:13:17.0631 0x19a0 DeviceInstall - ok 18:13:17.0662 0x19a0 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 18:13:17.0693 0x19a0 Dfsc - ok 18:13:17.0693 0x19a0 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 18:13:17.0709 0x19a0 dg_ssudbus - ok 18:13:17.0754 0x19a0 [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 18:13:17.0784 0x19a0 Dhcp - ok 18:13:17.0796 0x19a0 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys 18:13:17.0814 0x19a0 disk - ok 18:13:17.0821 0x19a0 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 18:13:17.0851 0x19a0 dmvsc - ok 18:13:17.0864 0x19a0 [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 18:13:17.0891 0x19a0 Dnscache - ok 18:13:17.0903 0x19a0 [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc 
C:\WINDOWS\System32\dot3svc.dll 18:13:17.0945 0x19a0 dot3svc - ok 18:13:17.0956 0x19a0 [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS C:\WINDOWS\system32\dps.dll 18:13:18.0001 0x19a0 DPS - ok 18:13:18.0010 0x19a0 [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 18:13:18.0026 0x19a0 drmkaud - ok 18:13:18.0038 0x19a0 [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 18:13:18.0064 0x19a0 DsmSvc - ok 18:13:18.0147 0x19a0 [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 18:13:18.0212 0x19a0 DXGKrnl - ok 18:13:18.0231 0x19a0 [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress C:\WINDOWS\system32\DRIVERS\e1i63x64.sys 18:13:18.0262 0x19a0 e1iexpress - ok 18:13:18.0278 0x19a0 [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost C:\WINDOWS\System32\eapsvc.dll 18:13:18.0293 0x19a0 Eaphost - ok 18:13:18.0403 0x19a0 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 18:13:18.0543 0x19a0 ebdrv - ok 18:13:18.0564 0x19a0 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS C:\WINDOWS\System32\lsass.exe 18:13:18.0581 0x19a0 EFS - ok 18:13:18.0602 0x19a0 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 18:13:18.0621 0x19a0 EhStorClass - ok 18:13:18.0645 0x19a0 [ 6F8E738A9505A388B1157FDDE7B3101B, 
3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 18:13:18.0661 0x19a0 EhStorTcgDrv - ok 18:13:18.0670 0x19a0 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 18:13:18.0710 0x19a0 ErrDev - ok 18:13:18.0753 0x19a0 [ CF5C9ED2A345E74A3C4443DD380C2050, 476763604414D79D69B7A6C7F373FBF9990B3F94C77DBA45AFA073A4E2EA473C ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys 18:13:18.0772 0x19a0 ETD - ok 18:13:18.0798 0x19a0 [ 20B6699ECD1FE57520960B4F393CA8AF, 1B68D5E0E796B65F1A8A780587173A062772BF79E6893A26EB196F4F1284E8C2 ] ETDService C:\Program Files\Elantech\ETDService.exe 18:13:18.0828 0x19a0 ETDService - ok 18:13:18.0851 0x19a0 [ FA35D018A340369D9D48E5B07D0D42B2, 5B8428434D0B19042D71C26621AE0E5459C3A6AFEAF88667D550D8C3E5D10ABE ] ETDSMBus C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys 18:13:18.0863 0x19a0 ETDSMBus - ok 18:13:18.0887 0x19a0 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem C:\WINDOWS\system32\es.dll 18:13:18.0942 0x19a0 EventSystem - ok 18:13:19.0013 0x19a0 [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 18:13:19.0039 0x19a0 EvtEng - ok 18:13:19.0052 0x19a0 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 18:13:19.0101 0x19a0 exfat - ok 18:13:19.0101 0x19a0 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 18:13:19.0116 0x19a0 fastfat - ok 18:13:19.0132 0x19a0 [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax C:\WINDOWS\system32\fxssvc.exe 18:13:19.0179 0x19a0 Fax - ok 18:13:19.0210 
0x19a0 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 18:13:19.0226 0x19a0 fdc - ok 18:13:19.0245 0x19a0 [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost C:\WINDOWS\system32\fdPHost.dll 18:13:19.0274 0x19a0 fdPHost - ok 18:13:19.0279 0x19a0 [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub C:\WINDOWS\system32\fdrespub.dll 18:13:19.0303 0x19a0 FDResPub - ok 18:13:19.0315 0x19a0 [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc C:\WINDOWS\system32\fhsvc.dll 18:13:19.0343 0x19a0 fhsvc - ok 18:13:19.0372 0x19a0 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 18:13:19.0387 0x19a0 FileInfo - ok 18:13:19.0395 0x19a0 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 18:13:19.0444 0x19a0 Filetrace - ok 18:13:19.0450 0x19a0 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 18:13:19.0468 0x19a0 flpydisk - ok 18:13:19.0504 0x19a0 [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 18:13:19.0527 0x19a0 FltMgr - ok 18:13:19.0590 0x19a0 [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\WINDOWS\system32\FntCache.dll 18:13:19.0630 0x19a0 FontCache - ok 18:13:19.0661 0x19a0 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:13:19.0677 0x19a0 FontCache3.0.0.0 - ok 18:13:19.0677 0x19a0 [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 18:13:19.0692 0x19a0 FsDepends - ok 18:13:19.0708 0x19a0 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:13:19.0724 0x19a0 Fs_Rec - ok 18:13:19.0739 0x19a0 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 18:13:19.0755 0x19a0 fvevol - ok 18:13:19.0771 0x19a0 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 18:13:19.0802 0x19a0 FxPPM - ok 18:13:19.0817 0x19a0 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 18:13:19.0833 0x19a0 gagp30kx - ok 18:13:19.0833 0x19a0 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 18:13:19.0849 0x19a0 gencounter - ok 18:13:19.0864 0x19a0 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 18:13:19.0880 0x19a0 GPIOClx0101 - ok 18:13:19.0927 0x19a0 [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 18:13:19.0974 0x19a0 gpsvc - ok 18:13:20.0026 0x19a0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:20.0037 0x19a0 gupdate - ok 
18:13:20.0045 0x19a0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:20.0059 0x19a0 gupdatem - ok 18:13:20.0085 0x19a0 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 18:13:20.0114 0x19a0 HdAudAddService - ok 18:13:20.0145 0x19a0 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 18:13:20.0164 0x19a0 HDAudBus - ok 18:13:20.0178 0x19a0 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 18:13:20.0195 0x19a0 HidBatt - ok 18:13:20.0204 0x19a0 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 18:13:20.0231 0x19a0 HidBth - ok 18:13:20.0260 0x19a0 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 18:13:20.0274 0x19a0 hidi2c - ok 18:13:20.0279 0x19a0 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 18:13:20.0297 0x19a0 HidIr - ok 18:13:20.0313 0x19a0 [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\WINDOWS\system32\hidserv.dll 18:13:20.0360 0x19a0 hidserv - ok 18:13:20.0375 0x19a0 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 18:13:20.0406 0x19a0 HidUsb - ok 18:13:20.0406 0x19a0 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc 
18:13:22.0012 0x19a0 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:13:22.0058 0x19a0 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
18:13:25.0220 0x19a0 Detect skipped due to KSN trusted
18:13:25.0220 0x19a0 Intel(R) Capability Licensing Service Interface - ok
12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\WINDOWS\System32\sens.dll 18:13:35.0928 0x19a0 SENS - ok 18:13:35.0928 0x19a0 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsSimulatorDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 18:13:35.0959 0x19a0 SensorsSimulatorDriver - ok 18:13:35.0975 0x19a0 [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 18:13:35.0990 0x19a0 SensrSvc - ok 18:13:36.0006 0x19a0 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 18:13:36.0022 0x19a0 SerCx - ok 18:13:36.0022 0x19a0 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 18:13:36.0037 0x19a0 SerCx2 - ok 18:13:36.0037 0x19a0 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 18:13:36.0069 0x19a0 Serenum - ok 18:13:36.0100 0x19a0 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys 18:13:36.0115 0x19a0 Serial - ok 18:13:36.0115 0x19a0 [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 18:13:36.0131 0x19a0 sermouse - ok 18:13:36.0162 0x19a0 [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv C:\WINDOWS\system32\sessenv.dll 18:13:36.0209 0x19a0 SessionEnv - ok 18:13:36.0209 0x19a0 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 18:13:36.0225 0x19a0 sfloppy - ok 
18:13:36.0240 0x19a0 [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 18:13:36.0272 0x19a0 SharedAccess - ok 18:13:36.0337 0x19a0 [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 18:13:36.0369 0x19a0 ShellHWDetection - ok 18:13:36.0384 0x19a0 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 18:13:36.0384 0x19a0 SiSRaid2 - ok 18:13:36.0400 0x19a0 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 18:13:36.0400 0x19a0 SiSRaid4 - ok 18:13:36.0431 0x19a0 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:13:36.0447 0x19a0 SkypeUpdate - ok 18:13:36.0462 0x19a0 [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\WINDOWS\System32\smphost.dll 18:13:36.0509 0x19a0 smphost - ok 18:13:36.0541 0x19a0 [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 18:13:36.0556 0x19a0 SNMPTRAP - ok 18:13:36.0587 0x19a0 [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 18:13:36.0619 0x19a0 spaceport - ok 18:13:36.0619 0x19a0 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 18:13:36.0634 0x19a0 SpbCx - ok 18:13:36.0728 0x19a0 [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] 
Spooler C:\WINDOWS\System32\spoolsv.exe 18:13:36.0775 0x19a0 Spooler - ok 18:13:37.0228 0x19a0 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe 18:13:37.0494 0x19a0 sppsvc - ok 18:13:37.0541 0x19a0 [ EAD5300C93946B0250A309E2BF2BE4CF, 6B9131D94ED31F838B1820EE67F068C4741B69D5C655587C89C9477986BD270F ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 18:13:37.0556 0x19a0 SQLWriter - ok 18:13:37.0603 0x19a0 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 18:13:37.0650 0x19a0 srv - ok 18:13:37.0697 0x19a0 [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 18:13:37.0759 0x19a0 srv2 - ok 18:13:37.0791 0x19a0 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 18:13:37.0822 0x19a0 srvnet - ok 18:13:37.0822 0x19a0 [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 18:13:37.0869 0x19a0 SSDPSRV - ok 18:13:37.0916 0x19a0 [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 18:13:37.0978 0x19a0 SstpSvc - ok 18:13:37.0994 0x19a0 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 18:13:38.0025 0x19a0 ssudmdm - ok 18:13:38.0056 0x19a0 [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 18:13:38.0072 0x19a0 Steam Client Service - ok 18:13:38.0087 0x19a0 [ 
366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 18:13:38.0103 0x19a0 stexstor - ok 18:13:38.0134 0x19a0 [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\WINDOWS\System32\wiaservc.dll 18:13:38.0181 0x19a0 stisvc - ok 18:13:38.0212 0x19a0 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 18:13:38.0228 0x19a0 storahci - ok 18:13:38.0259 0x19a0 [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\WINDOWS\system32\DRIVERS\vmstorfl.sys 18:13:38.0275 0x19a0 storflt - ok 18:13:38.0275 0x19a0 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 18:13:38.0291 0x19a0 stornvme - ok 18:13:38.0291 0x19a0 [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\WINDOWS\system32\storsvc.dll 18:13:38.0322 0x19a0 StorSvc - ok 18:13:38.0322 0x19a0 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 18:13:38.0337 0x19a0 storvsc - ok 18:13:38.0337 0x19a0 [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\WINDOWS\system32\svsvc.dll 18:13:38.0369 0x19a0 svsvc - ok 18:13:38.0400 0x19a0 [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\WINDOWS\System32\drivers\swenum.sys 18:13:38.0416 0x19a0 swenum - ok 18:13:38.0556 0x19a0 [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv C:\WINDOWS\System32\swprv.dll 18:13:38.0603 0x19a0 swprv - ok 
18:13:38.0650 0x19a0 [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain C:\WINDOWS\system32\sysmain.dll 18:13:38.0728 0x19a0 SysMain - ok 18:13:38.0728 0x19a0 [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 18:13:38.0759 0x19a0 SystemEventsBroker - ok 18:13:38.0775 0x19a0 [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 18:13:38.0791 0x19a0 TabletInputService - ok 18:13:38.0822 0x19a0 [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 18:13:38.0853 0x19a0 TapiSrv - ok 18:13:38.0947 0x19a0 [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 18:13:39.0041 0x19a0 Tcpip - ok 18:13:39.0134 0x19a0 [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:13:39.0212 0x19a0 TCPIP6 - ok 18:13:39.0228 0x19a0 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 18:13:39.0244 0x19a0 tcpipreg - ok 18:13:39.0259 0x19a0 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 18:13:39.0291 0x19a0 tdx - ok 18:13:39.0291 0x19a0 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 18:13:39.0306 0x19a0 terminpt - ok 18:13:39.0353 0x19a0 [ 2C77831737491F4D684D315B95C62883, 90A2574A281F19646CFCDA5FDF40063220058290D2D5523AD91B7E709EC36D3D ] 
TermService C:\WINDOWS\System32\termsrv.dll 18:13:39.0416 0x19a0 TermService - ok 18:13:39.0431 0x19a0 [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\WINDOWS\system32\themeservice.dll 18:13:39.0447 0x19a0 Themes - ok 18:13:39.0447 0x19a0 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\WINDOWS\system32\mmcss.dll 18:13:39.0462 0x19a0 THREADORDER - ok 18:13:39.0478 0x19a0 [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 18:13:39.0509 0x19a0 TimeBroker - ok 18:13:39.0509 0x19a0 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys 18:13:39.0525 0x19a0 TPM - ok 18:13:39.0541 0x19a0 [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\WINDOWS\System32\trkwks.dll 18:13:39.0572 0x19a0 TrkWks - ok 18:13:39.0603 0x19a0 [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 18:13:39.0634 0x19a0 TrustedInstaller - ok 18:13:39.0634 0x19a0 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 18:13:39.0650 0x19a0 TsUsbFlt - ok 18:13:39.0666 0x19a0 [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 18:13:39.0681 0x19a0 TsUsbGD - ok 18:13:39.0681 0x19a0 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 18:13:39.0713 0x19a0 tunnel - ok 18:13:39.0728 0x19a0 [ F6EEAD052943B5A3104C1405BB856C54, 
FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 18:13:39.0744 0x19a0 uagp35 - ok 18:13:39.0775 0x19a0 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 18:13:39.0775 0x19a0 UASPStor - ok 18:13:39.0806 0x19a0 [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 18:13:39.0822 0x19a0 UCX01000 - ok 18:13:39.0838 0x19a0 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 18:13:39.0869 0x19a0 udfs - ok 18:13:39.0885 0x19a0 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 18:13:39.0885 0x19a0 UEFI - ok 18:13:39.0900 0x19a0 [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 18:13:39.0931 0x19a0 UI0Detect - ok 18:13:39.0931 0x19a0 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 18:13:39.0947 0x19a0 uliagpkx - ok 18:13:39.0947 0x19a0 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 18:13:39.0963 0x19a0 umbus - ok 18:13:39.0963 0x19a0 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 18:13:39.0978 0x19a0 UmPass - ok 18:13:39.0994 0x19a0 [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 18:13:40.0025 0x19a0 UmRdpService - ok 18:13:40.0025 
0x19a0 [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\WINDOWS\System32\upnphost.dll 18:13:40.0056 0x19a0 upnphost - ok 18:13:40.0103 0x19a0 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 18:13:40.0119 0x19a0 usbccgp - ok 18:13:40.0135 0x19a0 [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 18:13:40.0150 0x19a0 usbcir - ok 18:13:40.0166 0x19a0 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 18:13:40.0181 0x19a0 usbehci - ok 18:13:40.0244 0x19a0 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 18:13:40.0275 0x19a0 usbhub - ok 18:13:40.0306 0x19a0 [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 18:13:40.0338 0x19a0 USBHUB3 - ok 18:13:40.0338 0x19a0 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 18:13:40.0447 0x19a0 usbohci - ok 18:13:40.0447 0x19a0 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 18:13:40.0478 0x19a0 usbprint - ok 18:13:40.0510 0x19a0 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 18:13:40.0525 0x19a0 USBSTOR - ok 18:13:40.0541 0x19a0 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci 
C:\WINDOWS\System32\drivers\usbuhci.sys 18:13:40.0572 0x19a0 usbuhci - ok 18:13:40.0603 0x19a0 [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 18:13:40.0650 0x19a0 usbvideo - ok 18:13:40.0666 0x19a0 [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 18:13:40.0681 0x19a0 USBXHCI - ok 18:13:40.0713 0x19a0 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\WINDOWS\system32\lsass.exe 18:13:40.0744 0x19a0 VaultSvc - ok 18:13:40.0744 0x19a0 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 18:13:40.0760 0x19a0 vdrvroot - ok 18:13:40.0791 0x19a0 [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds C:\WINDOWS\System32\vds.exe 18:13:40.0838 0x19a0 vds - ok 18:13:40.0853 0x19a0 [ F7579733F4E8FF9B534C3F7D38F25C2C, 449FED49F2178D2A8000549B180606D050751762F53E600C13CFBEC91601DE87 ] VeriFaceSrv C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe 18:13:40.0853 0x19a0 VeriFaceSrv - ok 18:13:40.0869 0x19a0 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 18:13:40.0885 0x19a0 VerifierExt - ok 18:13:40.0901 0x19a0 [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 18:13:40.0933 0x19a0 vhdmp - ok 18:13:40.0948 0x19a0 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 18:13:40.0964 0x19a0 viaide - ok 18:13:40.0980 0x19a0 [ 
C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 18:13:40.0980 0x19a0 vmbus - ok 18:13:40.0995 0x19a0 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 18:13:41.0026 0x19a0 VMBusHID - ok 18:13:41.0120 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll 18:13:41.0151 0x19a0 vmicguestinterface - ok 18:13:41.0167 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 18:13:41.0183 0x19a0 vmicheartbeat - ok 18:13:41.0198 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 18:13:41.0229 0x19a0 vmickvpexchange - ok 18:13:41.0245 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 18:13:41.0261 0x19a0 vmicrdv - ok 18:13:41.0276 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 18:13:41.0292 0x19a0 vmicshutdown - ok 18:13:41.0308 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll 18:13:41.0323 0x19a0 vmictimesync - ok 18:13:41.0339 0x19a0 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\WINDOWS\System32\ICSvc.dll 18:13:41.0370 0x19a0 vmicvss - ok 18:13:41.0370 0x19a0 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 
18:13:41.0386 0x19a0 volmgr - ok 18:13:41.0401 0x19a0 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 18:13:41.0417 0x19a0 volmgrx - ok 18:13:41.0433 0x19a0 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 18:13:41.0448 0x19a0 volsnap - ok 18:13:41.0448 0x19a0 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 18:13:41.0464 0x19a0 vpci - ok 18:13:41.0511 0x19a0 [ 78836108CF5AC6A0B365AC50A72F16D6, 53130B29A84E1CB5E96B81137DF7CFA69BF2A3C7E884ED45069BA9F5438776C1 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 18:13:41.0526 0x19a0 vpnagent - ok 18:13:41.0542 0x19a0 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys 18:13:41.0542 0x19a0 vpnva - ok 18:13:41.0558 0x19a0 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 18:13:41.0573 0x19a0 vsmraid - ok 18:13:41.0620 0x19a0 [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS C:\WINDOWS\system32\vssvc.exe 18:13:41.0667 0x19a0 VSS - ok 18:13:41.0683 0x19a0 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 18:13:41.0698 0x19a0 VSTXRAID - ok 18:13:41.0698 0x19a0 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 18:13:41.0729 0x19a0 vwifibus - ok 18:13:41.0745 0x19a0 [ 35BF5C5F5E3C9902C98978C7640574DA, 
C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 18:13:41.0823 0x19a0 vwififlt - ok 18:13:41.0839 0x19a0 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 18:13:41.0870 0x19a0 vwifimp - ok 18:13:41.0886 0x19a0 [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time C:\WINDOWS\system32\w32time.dll 18:13:41.0901 0x19a0 W32Time - ok 18:13:41.0917 0x19a0 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 18:13:41.0933 0x19a0 WacomPen - ok 18:13:42.0026 0x19a0 [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine C:\WINDOWS\system32\wbengine.exe 18:13:42.0073 0x19a0 wbengine - ok 18:13:42.0104 0x19a0 [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 18:13:42.0136 0x19a0 WbioSrvc - ok 18:13:42.0151 0x19a0 [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 18:13:42.0183 0x19a0 Wcmsvc - ok 18:13:42.0198 0x19a0 [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 18:13:42.0214 0x19a0 wcncsvc - ok 18:13:42.0245 0x19a0 [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 18:13:42.0261 0x19a0 WcsPlugInService - ok 18:13:42.0276 0x19a0 [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 18:13:42.0292 0x19a0 WdBoot - ok 
18:13:42.0308 0x19a0 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 18:13:42.0339 0x19a0 Wdf01000 - ok 18:13:42.0354 0x19a0 [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 18:13:42.0370 0x19a0 WdFilter - ok 18:13:42.0370 0x19a0 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 18:13:42.0386 0x19a0 WdiServiceHost - ok 18:13:42.0386 0x19a0 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 18:13:42.0417 0x19a0 WdiSystemHost - ok 18:13:42.0433 0x19a0 [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 18:13:42.0448 0x19a0 WdNisDrv - ok 18:13:42.0448 0x19a0 WdNisSvc - ok 18:13:42.0495 0x19a0 [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient C:\WINDOWS\System32\webclnt.dll 18:13:42.0511 0x19a0 WebClient - ok 18:13:42.0511 0x19a0 [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 18:13:42.0558 0x19a0 Wecsvc - ok 18:13:42.0573 0x19a0 [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 18:13:42.0620 0x19a0 WEPHOSTSVC - ok 18:13:42.0636 0x19a0 [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 18:13:42.0667 0x19a0 wercplsupport - ok 18:13:42.0667 0x19a0 [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, 
18:13:51.0962 0x19a0 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated ) 18:13:51.0978 0x19a0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 18:13:52.0009 0x19a0 Win FW state via NFP2: enabled 18:13:54.0384 0x19a0 ============================================================ 18:13:54.0384 0x19a0 Scan finished 18:13:54.0384 0x19a0 ============================================================ 18:13:54.0400 0x1100 Detected object count: 0 18:13:54.0400 0x1100 Actual detected object count: 0 |
28.03.2015, 03:30 | #8 |
/// the machine /// TB-Ausbilder | Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.03.2015, 01:03 | #9 |
| Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Sooo, thank you very much for all the help. Adware Cleaner found something. Here are all the logs: MBAM Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 30.03.2015
Suchlauf-Zeit: 15:00:43
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.03.30.05
Rootkit Datenbank: v2015.03.26.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Max
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 367145
Verstrichene Zeit: 14 Min, 34 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
ATTFilter
# AdwCleaner v4.200 - Bericht erstellt 31/03/2015 um 01:14:50
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Max - DONQUIXOTE_D
# Gestarted von : C:\Users\Max\Downloads\AdwCleaner_4.200.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v36.0.4 (x86 de)
-\\ Google Chrome v41.0.2272.101
*************************
AdwCleaner[R0].txt - [1146 Bytes] - [30/11/2014 19:41:21]
AdwCleaner[R1].txt - [1169 Bytes] - [30/03/2015 18:55:10]
AdwCleaner[S0].txt - [1041 Bytes] - [31/03/2015 01:14:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1100 Bytes] ##########
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 8.1 x64
Ran by Max on 31.03.2015 at 1:42:00,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2015 at 1:45:41,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And finally the fresh FRST
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Max (administrator) on DONQUIXOTE_D on 31-03-2015 01:54:47 Running from C:\Users\Max\Downloads Loaded Profiles: Max (Available profiles: Max) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Thisisu) C:\Users\Max\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-07] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-07] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll 
[2014-12-21] (Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-03-20] FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20] Chrome: ======= CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06] CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06] CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06] CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06] CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06] CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06] CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30] CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06] CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 
SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-07] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.) 
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] () R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] () S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-31 01:45 - 2015-03-31 01:45 - 00000612 _____ () C:\Users\Max\Desktop\JRT.txt 2015-03-31 01:39 - 2015-03-31 01:40 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT (1).exe 2015-03-31 01:39 - 2015-03-31 01:39 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2015-03-30 15:54 - 2015-03-30 15:54 - 02208768 _____ () C:\Users\Max\Downloads\AdwCleaner_4.200.exe 2015-03-30 15:47 - 2015-03-30 15:47 - 00001192 _____ () C:\Users\Max\Desktop\mbam.txt 2015-03-30 14:59 - 2015-03-30 14:59 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-30 14:59 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-30 14:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-30 14:58 - 2015-03-30 14:58 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-27 20:12 - 2015-03-27 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-27 19:12 - 2015-03-27 19:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Max\Downloads\tdsskiller.exe 2015-03-26 14:01 - 2015-03-31 01:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-26 14:01 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-26 14:01 - 2015-03-26 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-26 13:50 - 2015-03-26 19:05 - 00000000 ____D () C:\Users\Max\Desktop\mbar 2015-03-26 13:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes 
Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-26 13:49 - 2015-03-26 13:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Max\Downloads\mbar-1.09.1.1004.exe 2015-03-24 19:48 - 2015-03-24 19:49 - 00029464 _____ () C:\Users\Max\Downloads\Addition.txt 2015-03-24 19:47 - 2015-03-31 01:54 - 00020049 _____ () C:\Users\Max\Downloads\FRST.txt 2015-03-24 19:47 - 2015-03-31 01:54 - 00000000 ____D () C:\FRST 2015-03-24 19:47 - 2015-03-24 19:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2015-03-10 22:01 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-10 22:01 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-10 22:01 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-10 22:01 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-10 22:01 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-10 21:59 - 2015-01-30 05:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys 2015-03-10 21:59 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-10 21:59 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-03-10 21:59 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2015-03-10 21:59 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2015-03-10 21:59 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-03-10 21:59 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe 2015-03-10 20:59 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\schannel.dll 2015-03-10 20:59 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-10 20:59 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-10 20:59 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-10 20:59 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-10 20:59 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-10 20:59 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-10 20:59 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-10 20:59 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-10 20:59 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-10 20:59 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-10 20:59 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-10 20:59 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-10 20:59 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-10 20:59 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-10 20:59 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-03-10 20:59 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-10 20:59 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-10 20:59 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-10 
20:59 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-10 20:59 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-10 20:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-03-10 20:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-10 20:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-10 20:58 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-10 20:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-10 20:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-10 20:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-10 20:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-10 20:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-10 20:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-10 20:58 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-10 20:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-03-10 20:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-10 20:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-10 20:58 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-10 20:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-10 20:58 - 2015-02-20 
04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-10 20:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-10 20:58 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-03-10 20:58 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-10 20:58 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-10 20:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-10 20:58 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-10 20:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-10 20:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-10 20:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-10 20:58 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-10 20:58 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-10 20:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-10 20:58 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-10 20:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-10 20:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-10 20:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-03-10 20:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-10 20:58 - 2015-02-20 03:01 - 01888256 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-10 20:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-10 20:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-10 20:58 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-10 20:58 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-10 20:58 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-10 20:58 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-10 20:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-10 20:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-10 20:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-10 20:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-31 01:55 - 2014-11-06 17:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-31 01:30 - 2014-11-03 15:45 - 00000000 ___DO () C:\Users\Max\OneDrive 2015-03-31 01:24 - 2014-07-07 08:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-03-31 01:24 - 2014-07-07 08:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-03-31 01:24 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-31 01:17 - 2014-11-26 16:55 - 00000000 ____D () C:\Program Files (x86)\Razer 2015-03-31 01:17 - 2014-11-06 17:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 01:17 - 2013-08-22 16:46 - 00050302 _____ () C:\WINDOWS\setupact.log 2015-03-31 01:16 - 2014-11-07 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-31 01:16 - 2014-03-18 11:44 - 00149270 _____ () C:\WINDOWS\PFRO.log 2015-03-31 01:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-31 01:15 - 2014-07-07 00:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf 2015-03-31 01:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-31 01:14 - 2014-11-30 19:41 - 00000000 ____D () C:\AdwCleaner 2015-03-31 01:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-30 15:25 - 2014-11-03 15:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001 2015-03-30 15:21 - 2014-07-06 23:06 - 01967234 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-30 14:58 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Max\AppData\Local\Pokki 2015-03-24 19:44 - 2014-12-26 02:01 - 00000000 ____D () C:\Users\Max\OSBuddy 2015-03-22 22:15 - 2014-12-21 13:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat 2015-03-21 20:56 - 2014-11-06 17:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-20 03:46 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\AppReadiness 2015-03-19 22:39 - 2014-07-07 00:26 - 00000000 ____D () C:\ProgramData\Energy Manager 2015-03-12 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-11 13:18 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-11 00:26 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-11 00:25 - 2014-11-08 00:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-11 00:19 - 2014-11-08 00:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-10 20:53 - 2014-11-29 19:13 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-03-10 20:53 - 2014-11-29 19:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-03-10 20:53 - 2014-11-29 19:08 - 00128536 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-05 22:41 - 2014-07-06 23:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-04 23:24 - 2014-11-16 12:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 23:24 - 2014-11-16 12:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Users\Max\jagex_cl_oldschool_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE1.dat C:\Users\Max\random.dat Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe C:\Users\Max\AppData\Local\Temp\Quarantine.exe C:\Users\Max\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-24 00:40 ==================== End Of Log ============================ |
31.03.2015, 16:44 | #10 |
/// the machine /// TB instructor | Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.04.2015, 10:41 | #11 |
| Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Okay, so here is the ESET log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8701c13797279144a9301e4a478d5fc9 # engine=23196 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-02 02:20:50 # local_time=2015-04-02 04:20:50 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1900018 23225172 0 0 # scanned=241808 # found=0 # cleaned=0 # scan_time=5356 Code:
ATTFilter Results of screen317's Security Check version 0.99.99 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.235 Flash Player out of Date! Mozilla Firefox (36.0.4) Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` and the fresh FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Max (administrator) on DONQUIXOTE_D on 02-04-2015 11:37:03 Running from C:\Users\Max\Downloads Loaded Profiles: Max & (Available profiles: Max) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon\bin\maxthon.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDIntelligent.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Users\Max\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-09-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-19] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-07-07] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-07-07] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = SearchScopes: HKU\S-1-5-21-4212791573-526093383-3597010243-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> {4961F028-E6AD-48FF-9E5F-B5E23E122272} URL = BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] 
(Oracle Corporation) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-01] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-01] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\abs@avira.com [2015-04-01] FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\kfu7j3un.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-20] Chrome: ======= CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-06] CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-06] CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-06] CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06] CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06] CHR Extension: (Google Sheets) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-06] CHR Extension: (Avira Browser Safety) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-30] CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-06] CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-27] (Maxthon) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD) S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] () R2 
SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-07-07] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-06] (ELAN Microelectronic Corp.) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] () R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [29088 2013-08-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] () S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-25] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-19] (Realtek Semiconductor Corp.) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-02 11:34 - 2015-04-02 11:34 - 00852607 _____ () C:\Users\Max\Downloads\SecurityCheck.exe 2015-04-02 02:46 - 2015-04-02 02:46 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_deu.exe 2015-03-31 01:45 - 2015-03-31 01:45 - 00000612 _____ () C:\Users\Max\Desktop\JRT.txt 2015-03-31 01:39 - 2015-03-31 01:40 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT (1).exe 2015-03-31 01:39 - 2015-03-31 01:39 - 01389097 _____ (Thisisu) C:\Users\Max\Downloads\JRT.exe 2015-03-30 15:54 - 2015-03-30 15:54 - 02208768 _____ () C:\Users\Max\Downloads\AdwCleaner_4.200.exe 2015-03-30 15:47 - 2015-03-30 15:47 - 00001192 _____ () C:\Users\Max\Desktop\mbam.txt 2015-03-30 14:59 - 2015-03-30 14:59 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-30 14:59 - 2015-03-30 14:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-30 14:59 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-30 14:59 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-30 14:58 - 2015-03-30 14:58 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-27 20:12 - 2015-03-27 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-27 19:12 - 2015-03-27 19:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Max\Downloads\tdsskiller.exe 2015-03-26 14:01 - 2015-04-02 07:46 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-26 14:01 - 2015-03-30 14:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-26 14:01 - 2015-03-26 19:05 - 00000000 ____D () 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-26 13:50 - 2015-03-26 19:05 - 00000000 ____D () C:\Users\Max\Desktop\mbar 2015-03-26 13:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-26 13:49 - 2015-03-26 13:49 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Max\Downloads\mbar-1.09.1.1004.exe 2015-03-24 19:48 - 2015-03-24 19:49 - 00029464 _____ () C:\Users\Max\Downloads\Addition.txt 2015-03-24 19:47 - 2015-04-02 11:37 - 00025329 _____ () C:\Users\Max\Downloads\FRST.txt 2015-03-24 19:47 - 2015-04-02 11:37 - 00000000 ____D () C:\FRST 2015-03-24 19:47 - 2015-03-24 19:47 - 02095616 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2015-03-10 22:01 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-10 22:01 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-10 22:01 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-10 22:01 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-10 22:01 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-10 21:59 - 2015-01-30 05:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys 2015-03-10 21:59 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-10 21:59 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-03-10 21:59 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2015-03-10 21:59 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2015-03-10 21:59 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 
2015-03-10 21:59 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe 2015-03-10 20:59 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-03-10 20:59 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-10 20:59 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-10 20:59 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-10 20:59 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-10 20:59 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-10 20:59 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-10 20:59 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-10 20:59 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-10 20:59 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-10 20:59 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-10 20:59 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-10 20:59 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-10 20:59 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-10 20:59 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-10 20:59 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-03-10 20:59 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-10 20:59 - 2014-10-29 04:37 - 
00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-10 20:59 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-10 20:59 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-10 20:59 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-10 20:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-03-10 20:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-10 20:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-10 20:58 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-10 20:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-10 20:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-10 20:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-10 20:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-10 20:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-10 20:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-10 20:58 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-10 20:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-03-10 20:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-10 20:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-10 20:58 - 2015-02-20 04:07 - 00145408 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-10 20:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-10 20:58 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-10 20:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-10 20:58 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-03-10 20:58 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-10 20:58 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-10 20:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-10 20:58 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-10 20:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-10 20:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-10 20:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-10 20:58 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-10 20:58 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-10 20:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-10 20:58 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-10 20:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-10 20:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-10 20:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\urlmon.dll 2015-03-10 20:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-10 20:58 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-10 20:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-10 20:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-10 20:58 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-10 20:58 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-10 20:58 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-10 20:58 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-10 20:57 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-10 20:57 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-10 20:57 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-10 20:57 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-02 10:55 - 2014-11-06 17:39 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-02 08:06 - 2014-07-06 23:06 - 01072099 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-01 22:57 - 2014-11-03 15:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4212791573-526093383-3597010243-1001 2015-04-01 22:48 - 2014-11-06 17:39 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-01 22:48 - 2014-11-03 15:45 - 00000000 ___DO () C:\Users\Max\OneDrive 2015-04-01 12:14 - 2014-11-29 19:16 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Avira 2015-04-01 12:13 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-01 12:13 - 2014-11-29 19:03 - 00000000 ____D () C:\ProgramData\Avira 2015-03-31 15:01 - 2014-12-21 13:37 - 00000042 _____ () C:\Users\Max\jagex_cl_oldschool_LIVE.dat 2015-03-31 01:24 - 2014-07-07 08:50 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-03-31 01:24 - 2014-07-07 08:50 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-03-31 01:24 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-31 01:17 - 2014-11-26 16:55 - 00000000 ____D () C:\Program Files (x86)\Razer 2015-03-31 01:17 - 2013-08-22 16:46 - 00050302 _____ () C:\WINDOWS\setupact.log 2015-03-31 01:16 - 2014-11-07 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-31 01:16 - 2014-03-18 11:44 - 00149270 _____ () C:\WINDOWS\PFRO.log 2015-03-31 01:16 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-31 01:15 - 2014-07-07 00:24 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf 2015-03-31 01:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-31 01:14 - 2014-11-30 19:41 - 00000000 ____D () C:\AdwCleaner 2015-03-30 14:58 - 2014-11-03 15:41 - 00000000 ____D () 
C:\Users\Max\AppData\Local\Pokki 2015-03-24 19:44 - 2014-12-26 02:01 - 00000000 ____D () C:\Users\Max\OSBuddy 2015-03-21 20:56 - 2014-11-06 17:40 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-20 03:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-19 22:39 - 2014-07-07 00:26 - 00000000 ____D () C:\ProgramData\Energy Manager 2015-03-12 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-11 13:18 - 2013-08-22 16:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-11 04:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-11 00:26 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-11 00:25 - 2014-11-08 00:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-11 00:19 - 2014-11-08 00:32 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-10 20:53 - 2014-11-29 19:08 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-03-10 20:53 - 2014-11-29 19:08 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-03-10 20:53 - 2014-11-29 19:08 - 00043576 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-03-05 22:41 - 2014-11-29 19:03 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-05 22:41 - 2014-07-06 23:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-04 23:24 - 2014-11-16 12:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 23:24 - 2014-11-16 12:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Users\Max\jagex_cl_oldschool_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE.dat C:\Users\Max\jagex_cl_runescape_LIVE1.dat C:\Users\Max\random.dat Some content of TEMP: ==================== C:\Users\Max\AppData\Local\Temp\avgnt.exe C:\Users\Max\AppData\Local\Temp\oct1A2D.tmp.exe C:\Users\Max\AppData\Local\Temp\oct7CBA.tmp.exe C:\Users\Max\AppData\Local\Temp\oct9BAD.tmp.exe C:\Users\Max\AppData\Local\Temp\octEBDE.tmp.exe C:\Users\Max\AppData\Local\Temp\Quarantine.exe C:\Users\Max\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-01 22:57
==================== End Of Log ============================
Was that it? Did I have something bad on there? Many thanks! Best regards |
02.04.2015, 20:06 | #12 |
/// the machine /// TB trainer | Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen Update Java and Flash. Adware and a bit of malware. Definitely change your passwords. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Max\random.dat
2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order matters here) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.
Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version: Browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed. Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, it is advisable first to uninstall it and then remove the leftovers with Adwcleaner .
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.04.2015, 22:18 | #13 |
| Detection: Loader.jar, Detection: EXP/Java.Ternewb.Gen First of all, many thanks for the great help; a donation will certainly follow. However, I am now quite paranoid. I have one more question. After the laptop was restarted following the FRST "fix", I started Chrome and Adblock Plus installed itself again. I have now uninstalled it after googling "Adblock Plus Malware". (It seems to be harmless, but I preferred to play it safe.) Should I leave out the ad blocker entirely? Is there a recommendable alternative? I think I will now stay away from streaming sites entirely; I seem to have badly underestimated them. And here is the Fixlist log. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Max at 2015-04-02 22:55:17 Run:1
Running from C:\Users\Max\Desktop
Loaded Profiles: Max & (Available profiles: Max)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Max\random.dat
2014-07-06 23:48 - 2014-07-06 23:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
*****************
C:\Users\Max\random.dat => Moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
EmptyTemp: => Removed 1.4 GB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-02 22:57:51)<=
C:\ProgramData\DP45977C.lfl => Is moved successfully.
==== End of Fixlog 22:57:51 ====
EDIT: I noticed that the Checklog.txt I posted earlier says "Java version 32-bit out of Date!". But this is a 64-bit operating system; did I install the wrong Java software? I have updated Java and Flash.
EDIT 2: A quick question about the Windows updates: what about the optional updates? Is it advisable to install them?
EDIT 3: Sorry about all the edits. I have now downloaded Emsisoft and I like it quite a lot, but after the installation I started the quick scan and it found 2 unwanted things. I moved the selected items to quarantine. Here is the log: Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 02.04.2015 23:49:50
Benutzerkonto: DONQUIXOTE_D\Max

Scan-Einstellungen:

Scan Methode: Schnelltest
Objekte: Rootkits, Speicher, Traces

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 02.04.2015 23:50:48
Value: HKEY_USERS\S-1-5-21-4212791573-526093383-3597010243-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4212791573-526093383-3597010243-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)

Gescannt 59224
Gefunden 2

Scan-Ende: 02.04.2015 23:51:41
Scan-Zeit: 0:00:53

Last edited by himynameis (02.04.2015 at 23:08) |
03.04.2015, 13:35 | #14 |
/// the machine /// TB Trainer | An ad blocker is a must in the browser. You can try installing Adblock Edge as an add-on. Optional updates are optional, but I always install them. 32-bit Java is sufficient; it also runs on 64-bit. The two findings also often come from security software; just remove them and that's that.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
05.04.2015, 15:05 | #15 |
| Another quick question: yesterday I combed through the programs I have on here. Among others, I have "Start Menu" from the publisher "Pokki". The name seemed familiar to me, and you don't find much good about it either. When I click uninstall, I am taken to the following path: C:\WINDOWS\System32 Does that mean it has already been uninstalled but still shows up among the programs, or is something wrong there? Regards EDIT: The program was installed on 21.3.2015 Last edited by himynameis (05.04.2015 at 15:10) |