|
Log-Analyse und Auswertung: Anti Rootkit: Registry value "AppInit_Dlls" gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.01.2016, 16:21 | #1 |
| Anti Rootkit: Registry value "AppInit_Dlls" gefunden Hallo, nachdem mir hier kürzlich erfolgreich durch Cosinus geholfen wurde, habe ich spaßeshalber mal Malewarebytes Anti Rootkit auf meinem anderen Rechner entpackt. Währenddessen wurd der Registry-Wert "AppInit_Dlls" gefunden, der auf Rootkit-Aktiviäteten hindeuten könnte. Habe daraufhin die Installation abgebrochen und möchte nun auch den Zweitrechner mal umgehend prüfen. Hier die FRST-Logs. FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01 durchgeführt von name (Administrator) auf name-THINK (13-01-2016 16:13:47) Gestartet von C:\Users\name\Desktop Geladene Profile: name (Verfügbare Profile: UpdatusUser & name & name) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe () C:\Windows\System32\nvwmi64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe () C:\Windows\System32\nvwmi64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe (Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-25] (NVIDIA Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] () HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-27] (Ruiware) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-02-10] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{C4D58162-E1AA-40BF-8216-564603EAEAAC}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation) DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///H:/Mydlink/activeX/DCP.cab DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///H:/Mydlink/activeX/aplugLiteDL.cab FireFox: ======== FF ProfilePath: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Session Restore: -> ist aktiviert. FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-12-19] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-12-19] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems) FF Plugin HKU\S-1-5-21-1502850821-2927420759-2148834354-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll [2012-08-30] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-03] (Apple Inc.) FF Extension: Default Full Zoom Level - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-06-04] FF Extension: MeasureIt - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2015-06-04] FF Extension: NoScript - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-08] FF Extension: Avira Browser Safety - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\abs@avira.com [2016-01-13] FF Extension: Bing Search Engine - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\bingsearch.full@microsoft.com [2015-04-28] [ist nicht signiert] FF Extension: Firebug - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-08] [ist nicht signiert] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [ist nicht signiert] FF HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-08] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\name\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG) S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.) S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2012-02-27] (Lenovo.) S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] () R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-25] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) R4 avkmgr; system32\DRIVERS\avkmgr.sys [X] S2 bckd; system32\drivers\bckd.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-13 16:12 - 2016-01-13 16:12 - 00000533 _____ C:\Users\name\Desktop\trojanerboard.txt 2016-01-13 16:08 - 2016-01-13 16:09 - 00027110 _____ C:\Users\name\Desktop\Addition.txt 2016-01-13 16:07 - 2016-01-13 16:13 - 00020870 _____ C:\Users\name\Desktop\FRST.txt 2016-01-13 16:07 - 2016-01-13 16:07 - 02370560 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe 2016-01-13 15:57 - 2016-01-13 15:58 - 16563352 _____ (Malwarebytes Corp.) C:\Users\name\Desktop\mbar-1.09.3.1001.exe 2016-01-13 15:50 - 2016-01-13 15:50 - 02370560 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe 2016-01-13 13:47 - 2016-01-13 13:49 - 00000165 _____ C:\Users\name\Desktop\Trading Rules.txt 2016-01-08 18:55 - 2016-01-08 18:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-01-08 18:55 - 2016-01-08 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-01-08 18:49 - 2016-01-08 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-01-08 18:48 - 2016-01-08 18:49 - 00000000 ____D C:\Program Files\iTunes 2016-01-08 18:48 - 2016-01-08 18:49 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-01-08 18:48 - 2016-01-08 18:48 - 00000000 ____D C:\Program Files\iPod 2016-01-07 11:10 - 2016-01-07 11:10 - 00040929 _____ C:\Users\name\Desktop\Fax-2016-01-07-1.pdf 2015-12-15 14:10 - 2015-12-15 14:10 - 00000925 _____ C:\Users\name\Desktop\TB.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-13 16:13 - 2014-06-01 13:02 - 00000000 ____D C:\FRST 2016-01-13 16:08 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-13 16:08 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-13 16:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-13 16:02 - 2015-11-21 18:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-13 15:48 - 2015-04-28 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-13 15:41 - 2015-04-08 10:04 - 00000000 ____D C:\Users\name\AppData\Local\CrashDumps 2016-01-13 13:05 - 2012-07-20 10:31 - 00000000 ____D C:\Users\name\AppData\Local\Adobe 2016-01-13 13:01 - 2012-03-30 13:23 - 00699682 _____ C:\Windows\system32\perfh007.dat 2016-01-13 13:01 - 2012-03-30 13:23 - 00149790 _____ C:\Windows\system32\perfc007.dat 2016-01-13 13:01 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-13 13:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-13 13:00 - 2013-09-06 09:01 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-13 13:00 - 2012-10-19 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-01-13 12:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-12 21:30 - 2013-08-01 17:33 - 00000000 ____D C:\Users\name\AppData\Roaming\vlc 2016-01-12 20:42 - 2013-08-01 17:33 - 00000000 ____D C:\Users\name\AppData\Roaming\dvdcss 2016-01-08 19:52 - 2013-12-11 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-01-08 19:52 - 2012-05-06 11:20 - 00000000 ____D C:\Program Files\7-Zip 2016-01-08 19:52 - 2012-05-06 07:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 19:21 - 2014-02-14 08:11 - 00000000 ____D C:\ProgramData\TEMP 2016-01-08 19:21 - 2014-02-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2016-01-08 19:21 - 2014-02-14 08:10 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2016-01-08 19:20 - 2015-11-21 17:39 - 00002240 _____ C:\Users\name\Desktop\Kindle.lnk 2016-01-08 19:18 - 2015-01-16 10:05 - 00000000 ____D C:\Users\name\AppData\Roaming\Skype 2016-01-08 18:55 - 2015-01-16 10:05 - 00000000 ____D C:\Users\name\AppData\Local\Skype 2016-01-08 18:55 - 2014-11-17 10:34 - 00000000 ____D C:\ProgramData\Skype 2016-01-08 18:48 - 2013-09-27 09:57 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-01-08 18:41 - 2015-04-30 17:47 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk 2016-01-08 18:41 - 2015-04-30 17:47 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2016-01-08 18:32 - 2012-04-14 07:03 - 00099312 _____ C:\Users\name\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-07 11:27 - 2013-11-17 08:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-04 09:43 - 2012-10-01 09:53 - 00000000 ____D C:\Users\name\AppData\Roaming\FileZilla 2016-01-04 09:34 - 2012-05-12 16:37 - 00000000 ____D C:\Program Files (x86)\phase5 2015-12-23 09:52 - 2015-09-03 08:14 - 00000000 ____D C:\Users\name\.oracle_jre_usage 2015-12-19 09:08 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-10-07 13:02 - 2014-07-03 14:50 - 0001456 _____ () C:\Users\name\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-07-16 09:31 - 2015-07-16 09:31 - 0000275 _____ () C:\Users\name\AppData\Local\HamsterAudioConverterSettings.cfg 2012-07-17 08:16 - 2012-07-17 08:16 - 0007619 _____ () C:\Users\name\AppData\Local\recently-used.xbel 2013-10-29 16:24 - 2013-10-29 16:24 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-08-25 09:15 - 2013-08-27 07:59 - 0001534 _____ () C:\ProgramData\ss.ini Einige Dateien in TEMP: ==================== C:\Users\name\AppData\Local\Temp\avgnt.exe C:\Users\name\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-10 16:30 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 durchgeführt von name (2016-01-13 16:14:42) Gestartet von C:\Users\name\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-04-14 06:02:26) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1502850821-2927420759-2148834354-500 - Administrator - Disabled) Gast (S-1-5-21-1502850821-2927420759-2148834354-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1502850821-2927420759-2148834354-1003 - Limited - Enabled) name (S-1-5-21-1502850821-2927420759-2148834354-1004 - Limited - Enabled) => C:\Users\name name (S-1-5-21-1502850821-2927420759-2148834354-1001 - Administrator - Enabled) => C:\Users\name UpdatusUser (S-1-5-21-1502850821-2927420759-2148834354-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.242 - Amazon) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998929134.48.56.6499218 - Audible, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - ) Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Deutsch (DE) + Pali (HKLM\...\{4CD3A532-B3F8-41D3-B91D-A9B6A53BE0E6}) (Version: 1.0.3.40 - Frank Snow) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen) English (US) + Pali (HKLM\...\{281ECE0A-D2D9-4051-9104-FC193ED72362}) (Version: 1.0.3.40 - Frank Snow) FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) Forex Tester 2.8.10 (HKLM-x32\...\{F5EC7F6B-B68B-433C-AA20-54EDFE76191D}_is1) (Version: - Forex Tester Software) Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Hamster Free Audio Convertor (HKLM-x32\...\{F100D4D4-DFAA-4807-8D4F-0CD44E85F4EA}_is1) (Version: 1.0.0.18 - Hamster Soft) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson) import.io (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\{95981586-8D7F-49E9-9C7F-3AA704641471}_is1) (Version: 0.1 - import.io) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation) iTunes (HKLM\...\{8A4D15F4-2148-48DF-AC31-9513E5B734ED}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation) KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple) KeePass Password Safe 1.30 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.30 - Dominik Reichl) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) LibreOffice 5.0.3.2 (HKLM-x32\...\{D61E7AA0-0380-49B9-8DDD-7685E2306176}) (Version: 5.0.3.2 - The Document Foundation) Logitech Media Server 7.7.2 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.2 - Logitech) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) Mozilla Thunderbird 38.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Node.js (HKLM\...\{1D65B406-5F81-4064-AF0B-A57368DA1DF2}) (Version: 4.1.0 - Node.js Foundation) NVIDIA 3D Vision Treiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation) NVIDIA Grafiktreiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation) NVIDIA WMI 2.19.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.19.0 - NVIDIA Corporation) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.) SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC) StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - ) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.67 - ) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel) Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware) XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {03C8D2F7-C5F5-4207-8235-3D9C5A7028A2} - System32\Tasks\AdobeAAMUpdater-1.0-name-THINK-name => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6 Task: {0AF752F4-85D1-49AC-A567-6B356B0DE3B2} - System32\Tasks\Amazon Music Helper => C:\Users\name\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-11-19] () Task: {0EFF2205-FC92-44C3-9847-11F40B84514D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe Task: {13882C03-37B4-4F56-A59E-3F043A6BC45D} - System32\Tasks\hpUtility.exe_{4952127C-3CC9-402C-86BE-02CBEC3351CE} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.) Task: {1949FBA0-C3CD-4D95-8CF4-D8C1EC416BE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {1BF94E8A-9370-4315-AFAE-C59B52FBA257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] () Task: {2A5074E8-5ACC-4D7C-B8E2-2B7689FB6C3A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {2E4027A1-1157-484A-B063-3FB599A1459B} - System32\Tasks\{E24F53F8-6B19-431A-B3EF-9CF1098307CE} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64de\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64de Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19 Task: {3B6F8732-8E3E-481A-B032-D48CCB0ABCA7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {3EA94329-78C3-4A77-80AB-3269078D89FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {57ADA937-B2A8-4A67-B936-FA50DF2E7AFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware! Task: {61294AAE-7DAC-42BD-9822-5DE8BD747EE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-02-27] (Lenovo Group Limited) Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00 Task: {6BF96F74-1599-49D3-9FE3-346D681363F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated) Task: {76E282E5-6E12-4B64-8961-BEF23A694991} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {8594D661-1412-43A1-A9D5-0614214D5250} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5 Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4 Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3 Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16 Task: {B8D51834-255C-4F7F-A4B0-E0B06BF29BAB} - System32\Tasks\AdobeAAMUpdater-1.0-name-THINK-name => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {BC3130C8-46CE-49F7-B138-D5DC4142C139} - System32\Tasks\{3197195D-9DA6-42F7-9DA2-372026995E84} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64en\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64en Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1 Task: {CE893D65-78EE-4A76-B74F-22666E11AA10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {D315440B-7E86-4757-A9C9-B53736A53C4B} - System32\Tasks\{0537E27E-EA97-463E-946A-37794CC09C30} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.0.105/de/abandoninstall?source=lightinstaller&page=tsMain Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2 Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17 Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18 Task: {FB7DC5DC-1E7F-4A05-BFD7-F51EF09F2B08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-03-11 10:23 - 2015-02-25 11:33 - 02855624 _____ () C:\Windows\system32\nvwmi64.exe 2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2015-10-16 11:08 - 2015-10-16 11:08 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-03-30 03:50 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2012-03-30 03:54 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe 2012-03-30 03:57 - 2012-02-27 19:07 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1001movie.com -> 1001movie.com Da befinden sich 6091 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2014-02-02 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: Datenträger ist nicht mit dem Internet verbunden. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: APNMCP => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: CxAudMsg => 2 MSCONFIG\Services: DozeSvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LENOVO.MICMUTE => 2 MSCONFIG\Services: LENOVO.TPKNRSVC => 2 MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2 MSCONFIG\Services: LSCWinService => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NVSvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: PSI_SVC_2 => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: SUService => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TPHKLOAD => 2 MSCONFIG\Services: UleadBurningHelper => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\Windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk.Startup MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TpShocks => TpShocks.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{066C2DF9-CE01-4893-B121-87F235C1F134}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{A5B9B913-A3B4-4DD2-B2DF-C56321165A50}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{160EDAE5-0C27-458D-87A6-3066CD0D82C3}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{75F6B196-55D6-480C-B901-03BCFFB236D8}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [TCP Query User{52A79B02-8135-408B-9750-4AF5989255EA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{8BC156A1-2F42-4AF5-ACAB-8066253C28C6}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{A5473E19-00F0-4000-A819-134137585DBC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{88303A6F-0034-4C39-BE38-84AF27A853BB}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{AEF12D4E-2425-459F-957C-90493A64F0D8}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{5C281374-2030-4E70-98C9-CE179FF10FC2}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A9F981A2-115B-4173-8E7C-5ED0CD8BEE96}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{C558B388-398C-4F15-B21A-347FDE89FF53}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{195ECF43-0705-4DA6-8DCD-1CFC0B93B219}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{6147B0F1-D04B-4441-BA54-F3800AA260F0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{8696D3DC-FC61-402C-9C39-428E4EAC853A}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe FirewallRules: [TCP Query User{4C821D61-F9C9-4747-A8F8-8A718D04A1E0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{B9A98F6C-F641-4B77-982F-95B24D794CC4}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{61727C54-6F89-450B-A382-36B2D5C047BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CFA6039F-DBB5-434F-BD3E-A30519BF4107}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B8F8CF75-2307-4623-A95D-E8CEB5A5644B}] => (Allow) C:\Windows\SysWOW64\mshta.exe FirewallRules: [{88FF759B-370D-4EC7-A718-0C292F346AAB}] => (Allow) C:\Windows\SysWOW64\mshta.exe FirewallRules: [TCP Query User{FC0EC2CF-6001-4872-A2F3-B1850131C5E1}H:\autorun.exe] => (Allow) H:\autorun.exe FirewallRules: [UDP Query User{33724047-83FC-4804-B7A6-7F1E39AD9503}H:\autorun.exe] => (Allow) H:\autorun.exe FirewallRules: [{7355498D-AEDD-4AEE-8C67-E8815F74211A}] => (Block) H:\autorun.exe FirewallRules: [{2B21C366-880B-467E-AF17-DE60E47B8DC3}] => (Block) H:\autorun.exe FirewallRules: [TCP Query User{A3094DD1-F3E1-44F5-9120-0B4354A6C37A}D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe] => (Allow) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [UDP Query User{5CF5B29B-2385-4C54-A72D-D0808E138CD8}D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe] => (Allow) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{9D654DC8-8319-4DD1-918A-AEE3B37A0599}] => (Block) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{E5AE8C44-4CBE-45F5-89DC-D401BC27E379}] => (Block) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{8C20F360-D2C3-4D07-8DA6-B05C0F6A2C1B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{A691712E-8004-4553-8912-43CC657762A3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{942A1C3D-1199-49A4-A990-A1FC18564B60}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{C7BC6CBD-0449-44A3-AD6E-1ADABBA9B18C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{B84D9E09-C4BB-4CCA-ADE2-1E26158A0AA5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{E0C9B70A-0611-45B6-9C7F-12A2A4D4C4A0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{D1227779-028C-40F0-80D3-BE31CB681B86}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{063109A6-3269-45A0-9947-65F30BC87640}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{8E06DC3B-7B03-4B09-9872-E254DD72942D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0E82232A-E53B-4138-BBD7-D9B3CF54F7BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{82983104-15F9-4B8C-ABB2-1DFE08791558}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{D7A28448-629F-459E-A3C0-DD8584E2E215}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{30246298-8053-4C62-A327-9492A7EE0F4D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{ADD0BFD2-E479-4668-93BC-6E7B0CEFBBE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{22018C93-8433-4B62-8D33-DF63089F62D0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{CF667B67-D3E5-4B0B-8DEF-5530E70EBB81}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{632B4295-BD9D-4857-BBEF-F10FA49C9C12}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9B1BF0F2-4D92-4D92-8A95-C56E40CD3483}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{49DA3172-BEBA-4418-AD89-C0CF1F5DEE88}] => (Allow) LPort=12546 FirewallRules: [TCP Query User{D6C753CD-1316-4988-8059-651541217002}D:\temp\install\portfolio\portfolioperformance.exe] => (Allow) D:\temp\install\portfolio\portfolioperformance.exe FirewallRules: [UDP Query User{573A92C0-8317-45D7-BB82-206C8AEFAB57}D:\temp\install\portfolio\portfolioperformance.exe] => (Allow) D:\temp\install\portfolio\portfolioperformance.exe FirewallRules: [TCP Query User{A950BEE9-6F1F-4A38-BDA8-514486D18E69}D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe] => (Allow) D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe FirewallRules: [UDP Query User{ADBCFF48-4CF1-4A0A-9DC6-96BDD1F613D6}D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe] => (Allow) D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe FirewallRules: [{1F1AAA73-8A9F-4168-8272-B0A5C77EA5A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{152E6739-94D9-4EBB-8B63-7A07153ED1A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D3831111-458F-4F77-9D51-E4A30B699583}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{30D5E05E-9644-47F3-ABAA-259BC254D06F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F175E59-CDFE-4507-83D8-7BDECDC31864}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5C6D062E-7692-4DC1-8B7D-BA8DB0CFE03E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EA7F53E1-A8CA-487A-B1F4-E85690F23518}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe DomainProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI) DomainProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI) DomainProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI) DomainProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI) DomainProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI) DomainProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI) DomainProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI) DomainProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI) DomainProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI) DomainProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI) DomainProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI) DomainProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI) DomainProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI) DomainProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI) DomainProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI) DomainProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp DomainProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp StandardProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI) StandardProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI) StandardProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI) StandardProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI) StandardProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI) StandardProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI) StandardProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI) StandardProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI) StandardProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI) StandardProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI) StandardProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI) StandardProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI) StandardProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI) StandardProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI) StandardProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI) StandardProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp StandardProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp ==================== Wiederherstellungspunkte ========================= 03-01-2016 14:27:53 Windows Update 07-01-2016 10:00:55 Windows Update 08-01-2016 18:45:17 Installed iTunes 10-01-2016 19:23:13 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: bckd Description: bckd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bckd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/13/2016 04:13:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 3.3.14.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fa4 Startzeit: 01d14e141cb4cdd3 Endzeit: 15 Anwendungspfad: C:\Users\name\Desktop\FRST64.exe Berichts-ID: Error: (01/13/2016 03:50:11 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (01/13/2016 03:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm setup.exe, Version 15.0.15.106 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 165c Startzeit: 01d14e109ad3c714 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe Berichts-ID: Error: (01/13/2016 03:41:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7601.18896, Zeitstempel: 0x557f4749 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000225811 ID des fehlerhaften Prozesses: 0x1184 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (01/13/2016 12:56:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2016 09:01:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2016 07:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2016 05:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2016 12:43:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/12/2016 09:09:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (01/13/2016 12:55:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2016 09:01:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2016 07:51:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2016 05:52:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2016 12:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2016 09:09:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/11/2016 08:28:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.213.2402.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/11/2016 08:28:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.213.2402.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/11/2016 07:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/11/2016 06:04:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 CodeIntegrity: =================================== Date: 2014-02-02 08:17:34.626 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.423 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.236 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.064 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-07-16 15:05:01.912 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-07-16 15:05:01.874 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz Prozentuale Nutzung des RAM: 26% Installierter physikalischer RAM: 8075.23 MB Verfügbarer physikalischer RAM: 5971.53 MB Summe virtueller Speicher: 16148.68 MB Verfügbarer virtueller Speicher: 14056.3 MB ==================== Laufwerke ================================ Drive c: (Windows7_OS) (Fixed) (Total:100 GB) (Free:15.67 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (data) (Fixed) (Total:348.67 GB) (Free:325.87 GB) NTFS Drive h: (SOPRANOS_SEASON) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.11 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B2FF4958) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=348.7 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
14.01.2016, 15:33 | #2 |
/// TB-Ausbilder | Anti Rootkit: Registry value "AppInit_Dlls" gefundenMein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
14.01.2016, 16:40 | #3 |
| Anti Rootkit: Registry value "AppInit_Dlls" gefunden Hi Matthias,
__________________vorab schonmal danke für Deine Hilfe. Es wurden keine infizierten Objekte gefunden. TDSSKiller-Report Code:
ATTFilter 16:35:31.0048 0x1a08 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12 16:35:37.0910 0x1a08 ============================================================ 16:35:37.0910 0x1a08 Current date / time: 2016/01/14 16:35:37.0910 16:35:37.0910 0x1a08 SystemInfo: 16:35:37.0910 0x1a08 16:35:37.0910 0x1a08 OS Version: 6.1.7601 ServicePack: 1.0 16:35:37.0910 0x1a08 Product type: Workstation 16:35:37.0910 0x1a08 ComputerName: name-THINK 16:35:37.0911 0x1a08 UserName: name 16:35:37.0911 0x1a08 Windows directory: C:\Windows 16:35:37.0911 0x1a08 System windows directory: C:\Windows 16:35:37.0911 0x1a08 Running under WOW64 16:35:37.0911 0x1a08 Processor architecture: Intel x64 16:35:37.0911 0x1a08 Number of processors: 8 16:35:37.0911 0x1a08 Page size: 0x1000 16:35:37.0911 0x1a08 Boot type: Normal boot 16:35:37.0911 0x1a08 ============================================================ 16:35:38.0540 0x1a08 KLMD registered as C:\Windows\system32\drivers\37895943.sys 16:35:40.0815 0x1a08 System UUID: {D801A976-306B-32DE-F7D4-14BDE767554B} 16:35:41.0632 0x1a08 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:35:41.0646 0x1a08 ============================================================ 16:35:41.0647 0x1a08 \Device\Harddisk0\DR0: 16:35:41.0647 0x1a08 MBR partitions: 16:35:41.0647 0x1a08 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000 16:35:41.0647 0x1a08 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC800000 16:35:41.0664 0x1a08 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCAEF000, BlocksNum 0x2B956800 16:35:41.0664 0x1a08 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000 16:35:41.0664 0x1a08 ============================================================ 16:35:41.0684 0x1a08 C: <-> \Device\Harddisk0\DR0\Partition2 16:35:41.0730 0x1a08 Q: <-> \Device\Harddisk0\DR0\Partition4 16:35:41.0763 0x1a08 D: <-> \Device\Harddisk0\DR0\Partition3 16:35:41.0764 0x1a08 ============================================================ 16:35:41.0764 0x1a08 Initialize success 16:35:41.0764 0x1a08 ============================================================ 16:36:19.0857 0x15e8 ============================================================ 16:36:19.0857 0x15e8 Scan started 16:36:19.0857 0x15e8 Mode: Manual; SigCheck; TDLFS; 16:36:19.0857 0x15e8 ============================================================ 16:36:19.0857 0x15e8 KSN ping started 16:36:22.0665 0x15e8 KSN ping finished: true 16:36:23.0632 0x15e8 ================ Scan system memory ======================== 16:36:23.0632 0x15e8 System memory - ok 16:36:23.0632 0x15e8 ================ Scan services ============================= 16:36:23.0804 0x15e8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 16:36:23.0960 0x15e8 1394ohci - ok 16:36:24.0022 0x15e8 [ F4AF97702BAD85BFEF64B9A557F11B6F, 8255B2FBE64C60562A7DAAAD575EED49EE0D23DD42E5C76C988B8A3673843EA6 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys 16:36:24.0084 0x15e8 5U877 - ok 16:36:24.0131 0x15e8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:36:24.0194 0x15e8 ACPI - ok 16:36:24.0209 0x15e8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:36:24.0287 0x15e8 AcpiPmi - ok 16:36:24.0381 0x15e8 [ 6C4B9E202A497782070CE383CBD5D737, DE09569366AF09314BF75D024F36D30C17D1C36D330855A84E669F366163E780 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe 16:36:24.0412 0x15e8 AcPrfMgrSvc - ok 16:36:24.0459 0x15e8 [ B3BF04C7E3E4FB0925BB4F8422763A3D, 77E5205D67167B8E00A7AFC6A78ACCDF5FE6EE8854166CF853DEEC260E87E58E ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe 16:36:24.0506 0x15e8 AcSvc - ok 16:36:24.0615 0x15e8 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:36:24.0646 0x15e8 AdobeARMservice - ok 16:36:24.0849 0x15e8 [ F54564025D2284AE498E51D7C139F971, AAA48F38B81DB894854E8C84DB2E1F5C8447AA982D27C0BB78FF2786D9F80F83 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:36:24.0880 0x15e8 AdobeFlashPlayerUpdateSvc - ok 16:36:24.0958 0x15e8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:36:25.0020 0x15e8 adp94xx - ok 16:36:25.0083 0x15e8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:36:25.0145 0x15e8 adpahci - ok 16:36:25.0176 0x15e8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:36:25.0208 0x15e8 adpu320 - ok 16:36:25.0254 0x15e8 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:36:25.0301 0x15e8 AeLookupSvc - ok 16:36:25.0364 0x15e8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 16:36:25.0442 0x15e8 AFD - ok 16:36:25.0473 0x15e8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 16:36:25.0504 0x15e8 agp440 - ok 16:36:25.0707 0x15e8 [ A9F3294F6939172C45D6C5AF2E563714, 5A3C1CFF254222D210974E974D4E5FEC38CA83D855E3DF341719CD0E3BA67171 ] AGSService C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe 16:36:26.0159 0x15e8 AGSService - ok 16:36:26.0206 0x15e8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 16:36:26.0268 0x15e8 ALG - ok 16:36:26.0300 0x15e8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 16:36:26.0331 0x15e8 aliide - ok 16:36:26.0362 0x15e8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 16:36:26.0378 0x15e8 amdide - ok 16:36:26.0409 0x15e8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:36:26.0471 0x15e8 AmdK8 - ok 16:36:26.0487 0x15e8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 16:36:26.0534 0x15e8 AmdPPM - ok 16:36:26.0565 0x15e8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:36:26.0612 0x15e8 amdsata - ok 16:36:26.0627 0x15e8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 16:36:26.0674 0x15e8 amdsbs - ok 16:36:26.0690 0x15e8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:36:26.0721 0x15e8 amdxata - ok 16:36:26.0768 0x15e8 [ D86564B66FB10C73C13F40F7D8E40FE6, 5D31327759436446AC63A385B2BD1A4759D180A855941AE42245C5769724FBED ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys 16:36:26.0830 0x15e8 AMPPAL - ok 16:36:26.0846 0x15e8 [ D86564B66FB10C73C13F40F7D8E40FE6, 5D31327759436446AC63A385B2BD1A4759D180A855941AE42245C5769724FBED ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys 16:36:26.0877 0x15e8 AMPPALP - ok 16:36:26.0986 0x15e8 [ 9BE647AB104153BD0053EB4A48F50B31, 06BE3CA2C3F0D675DC3802BE8D12511495553EA1FB8118427998F5D2EDA550C7 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 16:36:27.0064 0x15e8 AMPPALR3 - ok 16:36:27.0111 0x15e8 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 16:36:27.0173 0x15e8 AppID - ok 16:36:27.0189 0x15e8 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:36:27.0236 0x15e8 AppIDSvc - ok 16:36:27.0267 0x15e8 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll 16:36:27.0329 0x15e8 Appinfo - ok 16:36:27.0423 0x15e8 [ BB6093AD659360CB350F4E84B445F36D, 16E16AD8E58C3777E2C858C8223BEB3CC9999E6FDCD23A0013C39AAADC54193C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:36:27.0454 0x15e8 Apple Mobile Device - ok 16:36:27.0501 0x15e8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 16:36:27.0563 0x15e8 AppMgmt - ok 16:36:27.0610 0x15e8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 16:36:27.0641 0x15e8 arc - ok 16:36:27.0657 0x15e8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:36:27.0688 0x15e8 arcsas - ok 16:36:27.0797 0x15e8 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:36:27.0844 0x15e8 aspnet_state - ok 16:36:27.0860 0x15e8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:36:28.0031 0x15e8 AsyncMac - ok 16:36:28.0094 0x15e8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 16:36:28.0109 0x15e8 atapi - ok 16:36:28.0187 0x15e8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:36:28.0281 0x15e8 AudioEndpointBuilder - ok 16:36:28.0328 0x15e8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:36:28.0406 0x15e8 AudioSrv - ok 16:36:28.0437 0x15e8 Avira.ServiceHost - ok 16:36:28.0484 0x15e8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:36:28.0577 0x15e8 AxInstSV - ok 16:36:28.0640 0x15e8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 16:36:28.0749 0x15e8 b06bdrv - ok 16:36:28.0780 0x15e8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:36:28.0842 0x15e8 b57nd60a - ok 16:36:28.0874 0x15e8 bckd - ok 16:36:29.0108 0x15e8 [ 950E6EA686AEA8BC970132B9DD2093DE, CC2B810A676C144CFC1547D982DFC223D12533109F6E7B15E3E3C73F170D4CA8 ] bckwfs C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe 16:36:29.0310 0x15e8 bckwfs - ok 16:36:29.0373 0x15e8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 16:36:29.0420 0x15e8 BDESVC - ok 16:36:29.0451 0x15e8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 16:36:29.0560 0x15e8 Beep - ok 16:36:29.0654 0x15e8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 16:36:29.0747 0x15e8 BFE - ok 16:36:29.0825 0x15e8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 16:36:30.0075 0x15e8 BITS - ok 16:36:30.0106 0x15e8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:36:30.0153 0x15e8 blbdrive - ok 16:36:30.0231 0x15e8 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:36:30.0278 0x15e8 Bonjour Service - ok 16:36:30.0324 0x15e8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:36:30.0387 0x15e8 bowser - ok 16:36:30.0418 0x15e8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 16:36:30.0465 0x15e8 BrFiltLo - ok 16:36:30.0480 0x15e8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 16:36:30.0512 0x15e8 BrFiltUp - ok 16:36:30.0543 0x15e8 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 16:36:30.0652 0x15e8 BridgeMP - ok 16:36:30.0730 0x15e8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 16:36:30.0777 0x15e8 Browser - ok 16:36:30.0824 0x15e8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:36:30.0902 0x15e8 Brserid - ok 16:36:30.0917 0x15e8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:36:30.0964 0x15e8 BrSerWdm - ok 16:36:30.0980 0x15e8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:36:31.0026 0x15e8 BrUsbMdm - ok 16:36:31.0042 0x15e8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:36:31.0073 0x15e8 BrUsbSer - ok 16:36:31.0120 0x15e8 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 16:36:31.0167 0x15e8 BthEnum - ok 16:36:31.0198 0x15e8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:36:31.0245 0x15e8 BTHMODEM - ok 16:36:31.0276 0x15e8 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:36:31.0323 0x15e8 BthPan - ok 16:36:31.0401 0x15e8 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 16:36:31.0479 0x15e8 BTHPORT - ok 16:36:31.0510 0x15e8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 16:36:31.0619 0x15e8 bthserv - ok 16:36:31.0650 0x15e8 [ D30286FF3C7B6318C024D2BC2955C1BF, 47863D046C94A5C19F7D4E0BA393E6FE1E249C78FAB9B8705F7DD2CD87EAC16C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 16:36:31.0682 0x15e8 BTHSSecurityMgr - ok 16:36:31.0697 0x15e8 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 16:36:31.0744 0x15e8 BTHUSB - ok 16:36:31.0822 0x15e8 [ 8834F87A6A745872894DF8223201A6C3, B8C26E11EAAB4A93E4241B4B6F00C1CA05501011E28D6A06D4B009BA4E3AB7CD ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 16:36:31.0869 0x15e8 BTWAMPFL - ok 16:36:31.0900 0x15e8 [ 9863D82ECBEC6106D377ED73680D99D8, 27DA7335BB14BBF9DC627C8F97ED59BA3479E5E084704AE4C16B1A3E67CB184C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 16:36:31.0931 0x15e8 btwaudio - ok 16:36:31.0962 0x15e8 [ 3432DD66AE75AB2DE6D0527AD78DBFC7, C2DEB409CDA3621E33E429E592A81E09095C52CDCE36732C9BEA00B92994E44D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 16:36:31.0994 0x15e8 btwavdt - ok 16:36:32.0087 0x15e8 [ EB4AFE08FB39BB444F221D7D501E0915, 2AF8ECEEAB5A0E972660C1553B555E49C49F19500ABD67DFEB9BEBA7E577A700 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 16:36:32.0181 0x15e8 btwdins - ok 16:36:32.0212 0x15e8 [ 382DC5A631CED0462EA09B7EB898BDBF, 7457145E194310F4EB9273471EA41100D3A1448BC2A366064B25A212B389AACB ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 16:36:32.0243 0x15e8 btwl2cap - ok 16:36:32.0259 0x15e8 [ 13A9C2CEDD44C175E6CA39A536795CA6, 13D6D24C2127E6A5E9AB2DFAA9729D57AA6CFCC72DFACF78E4DE7E63ABA122DF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 16:36:32.0274 0x15e8 btwrchid - ok 16:36:32.0321 0x15e8 catchme - ok 16:36:32.0352 0x15e8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:36:32.0462 0x15e8 cdfs - ok 16:36:32.0493 0x15e8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:36:32.0540 0x15e8 cdrom - ok 16:36:32.0571 0x15e8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 16:36:32.0664 0x15e8 CertPropSvc - ok 16:36:32.0696 0x15e8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 16:36:32.0727 0x15e8 circlass - ok 16:36:32.0789 0x15e8 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 16:36:32.0836 0x15e8 CLFS - ok 16:36:32.0898 0x15e8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:36:32.0930 0x15e8 clr_optimization_v2.0.50727_32 - ok 16:36:32.0961 0x15e8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:36:32.0992 0x15e8 clr_optimization_v2.0.50727_64 - ok 16:36:33.0070 0x15e8 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:36:33.0132 0x15e8 clr_optimization_v4.0.30319_32 - ok 16:36:33.0164 0x15e8 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:36:33.0210 0x15e8 clr_optimization_v4.0.30319_64 - ok 16:36:33.0242 0x15e8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:36:33.0288 0x15e8 CmBatt - ok 16:36:33.0304 0x15e8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:36:33.0335 0x15e8 cmdide - ok 16:36:33.0413 0x15e8 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 16:36:33.0507 0x15e8 CNG - ok 16:36:33.0647 0x15e8 [ 5BEC441B6B91E874C987C06F98176D90, FA4B523271947AE908C41BA2ABB1E4871359C8DE21E0ECC2B4CD49F734EF8FB4 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 16:36:33.0788 0x15e8 CnxtHdAudService - ok 16:36:33.0819 0x15e8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:36:33.0850 0x15e8 Compbatt - ok 16:36:33.0881 0x15e8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 16:36:33.0928 0x15e8 CompositeBus - ok 16:36:33.0944 0x15e8 COMSysApp - ok 16:36:33.0959 0x15e8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:36:33.0990 0x15e8 crcdisk - ok 16:36:34.0037 0x15e8 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:36:34.0115 0x15e8 CryptSvc - ok 16:36:34.0162 0x15e8 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 16:36:34.0256 0x15e8 CSC - ok 16:36:34.0334 0x15e8 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 16:36:34.0412 0x15e8 CscService - ok 16:36:34.0474 0x15e8 [ 9D0D050170D47E778B624A28C90F23DE, 48528AA9EB0C9FB5086D992EF1F9556C8249D267C2E3D4E681D5C8B6BC316C71 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 16:36:34.0614 0x15e8 CxAudMsg - ok 16:36:34.0677 0x15e8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:36:34.0833 0x15e8 DcomLaunch - ok 16:36:34.0880 0x15e8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 16:36:35.0004 0x15e8 defragsvc - ok 16:36:35.0036 0x15e8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:36:35.0129 0x15e8 DfsC - ok 16:36:35.0192 0x15e8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:36:35.0270 0x15e8 Dhcp - ok 16:36:35.0441 0x15e8 [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 16:36:35.0582 0x15e8 DiagTrack - ok 16:36:35.0613 0x15e8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 16:36:35.0706 0x15e8 discache - ok 16:36:35.0753 0x15e8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 16:36:35.0784 0x15e8 Disk - ok 16:36:35.0816 0x15e8 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 16:36:35.0862 0x15e8 dmvsc - ok 16:36:35.0909 0x15e8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:36:35.0972 0x15e8 Dnscache - ok 16:36:36.0018 0x15e8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 16:36:36.0128 0x15e8 dot3svc - ok 16:36:36.0206 0x15e8 [ 277247B79DA2230D0C3AEB83E6CD8CA7, E6C1BD8374AAA17F20E8C4D7E8B729537E4CB14537D55B7D6C3C8863A431D64E ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 16:36:36.0268 0x15e8 DozeSvc - ok 16:36:36.0284 0x15e8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 16:36:36.0393 0x15e8 DPS - ok 16:36:36.0424 0x15e8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:36:36.0471 0x15e8 drmkaud - ok 16:36:36.0549 0x15e8 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:36:36.0642 0x15e8 DXGKrnl - ok 16:36:36.0705 0x15e8 [ CE4CFFD9F64B86BCEB1C343FC9924D72, A7E03531661C808F34560765136E1912A1389C459BA996880761539F4967056E ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 16:36:36.0720 0x15e8 DzHDD64 - ok 16:36:36.0783 0x15e8 [ 23B6F8081F5C7AF1343810641EE0DD58, 571EF6BC76C062AF0FC696213638831EBC90B056B353AD440B01CA17E0D5B1B7 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 16:36:36.0845 0x15e8 e1cexpress - ok 16:36:36.0876 0x15e8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 16:36:36.0986 0x15e8 EapHost - ok 16:36:37.0235 0x15e8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 16:36:37.0547 0x15e8 ebdrv - ok 16:36:37.0578 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] EFS C:\Windows\System32\lsass.exe 16:36:37.0641 0x15e8 EFS - ok 16:36:37.0703 0x15e8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:36:37.0766 0x15e8 elxstor - ok 16:36:37.0797 0x15e8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:36:37.0828 0x15e8 ErrDev - ok 16:36:37.0890 0x15e8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 16:36:38.0000 0x15e8 EventSystem - ok 16:36:38.0109 0x15e8 [ 00B132F23AA25DEF2060D490B0AB70EF, AAE3BA09C2201EA27D3DB761B3D3E8A3EE80A14B451B743F4DF1281D87166857 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 16:36:38.0171 0x15e8 EvtEng - ok 16:36:38.0218 0x15e8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 16:36:38.0327 0x15e8 exfat - ok 16:36:38.0358 0x15e8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:36:38.0483 0x15e8 fastfat - ok 16:36:38.0561 0x15e8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 16:36:38.0670 0x15e8 Fax - ok 16:36:38.0686 0x15e8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 16:36:38.0733 0x15e8 fdc - ok 16:36:38.0764 0x15e8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 16:36:38.0842 0x15e8 fdPHost - ok 16:36:38.0858 0x15e8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 16:36:38.0951 0x15e8 FDResPub - ok 16:36:38.0982 0x15e8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:36:39.0014 0x15e8 FileInfo - ok 16:36:39.0029 0x15e8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:36:39.0138 0x15e8 Filetrace - ok 16:36:39.0154 0x15e8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 16:36:39.0185 0x15e8 flpydisk - ok 16:36:39.0232 0x15e8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:36:39.0279 0x15e8 FltMgr - ok 16:36:39.0388 0x15e8 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 16:36:39.0528 0x15e8 FontCache - ok 16:36:39.0591 0x15e8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:36:39.0606 0x15e8 FontCache3.0.0.0 - ok 16:36:39.0638 0x15e8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:36:39.0669 0x15e8 FsDepends - ok 16:36:39.0700 0x15e8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:36:39.0716 0x15e8 Fs_Rec - ok 16:36:39.0778 0x15e8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:36:39.0825 0x15e8 fvevol - ok 16:36:39.0856 0x15e8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:36:39.0887 0x15e8 gagp30kx - ok 16:36:39.0934 0x15e8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:36:39.0950 0x15e8 GEARAspiWDM - ok 16:36:40.0028 0x15e8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 16:36:40.0168 0x15e8 gpsvc - ok 16:36:40.0246 0x15e8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:36:40.0277 0x15e8 gupdate - ok 16:36:40.0293 0x15e8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:36:40.0324 0x15e8 gupdatem - ok 16:36:40.0355 0x15e8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:36:40.0402 0x15e8 hcw85cir - ok 16:36:40.0449 0x15e8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:36:40.0511 0x15e8 HdAudAddService - ok 16:36:40.0558 0x15e8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:36:40.0605 0x15e8 HDAudBus - ok 16:36:40.0620 0x15e8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 16:36:40.0652 0x15e8 HidBatt - ok 16:36:40.0683 0x15e8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:36:40.0730 0x15e8 HidBth - ok 16:36:40.0745 0x15e8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 16:36:40.0808 0x15e8 HidIr - ok 16:36:40.0823 0x15e8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 16:36:40.0917 0x15e8 hidserv - ok 16:36:40.0964 0x15e8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:36:41.0010 0x15e8 HidUsb - ok 16:36:41.0042 0x15e8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:36:41.0135 0x15e8 hkmsvc - ok 16:36:41.0182 0x15e8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:36:41.0229 0x15e8 HomeGroupListener - ok 16:36:41.0276 0x15e8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:36:41.0322 0x15e8 HomeGroupProvider - ok 16:36:41.0354 0x15e8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:36:41.0385 0x15e8 HpSAMD - ok 16:36:41.0463 0x15e8 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:36:41.0556 0x15e8 HTTP - ok 16:36:41.0572 0x15e8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:36:41.0603 0x15e8 hwpolicy - ok 16:36:41.0650 0x15e8 [ E935C8099F9196BF19224D9EE4808612, 7F39ACF763E042EFB9B41C7D805CF7C9E1261B14FC6E5C09BCA11623312E2C7B ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 16:36:41.0681 0x15e8 HyperW7Svc - ok 16:36:41.0728 0x15e8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:36:41.0759 0x15e8 i8042prt - ok 16:36:41.0837 0x15e8 [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor C:\Windows\system32\drivers\iaStor.sys 16:36:41.0900 0x15e8 iaStor - ok 16:36:41.0962 0x15e8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:36:42.0024 0x15e8 iaStorV - ok 16:36:42.0056 0x15e8 [ 3770DCC5A7006C555AD1A4AA84A842FC, B9FA66493C7E5A9D3C75E286F1C2B6E465CB2798CB1A522E56837B1569717673 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 16:36:42.0118 0x15e8 IBMPMDRV - ok 16:36:42.0149 0x15e8 [ 193EA32FC2E3738C23D43F587E30882F, ABCE2A7F6B66BC1A03FF46E324353F89B9C26A5E4FC1B437BEAAE3E4F127958B ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 16:36:42.0243 0x15e8 IBMPMSVC - ok 16:36:42.0321 0x15e8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:36:42.0414 0x15e8 idsvc - ok 16:36:42.0430 0x15e8 IEEtwCollectorService - ok 16:36:43.0272 0x15e8 [ 66DC0CE2D1867B8178EAA0E11930DBD7, 8870CBBEDD81E0886E9021FB43A3B26486C2E8CD05A805028A136950B3FA809A ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:36:44.0255 0x15e8 igfx - ok 16:36:44.0349 0x15e8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:36:44.0364 0x15e8 iirsp - ok 16:36:44.0442 0x15e8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 16:36:44.0552 0x15e8 IKEEXT - ok 16:36:44.0583 0x15e8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 16:36:44.0614 0x15e8 intelide - ok 16:36:44.0645 0x15e8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:36:44.0692 0x15e8 intelppm - ok 16:36:44.0723 0x15e8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:36:44.0817 0x15e8 IPBusEnum - ok 16:36:44.0848 0x15e8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:36:44.0926 0x15e8 IpFilterDriver - ok 16:36:45.0020 0x15e8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:36:45.0113 0x15e8 iphlpsvc - ok 16:36:45.0129 0x15e8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:36:45.0176 0x15e8 IPMIDRV - ok 16:36:45.0222 0x15e8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:36:45.0332 0x15e8 IPNAT - ok 16:36:45.0410 0x15e8 [ BD713ED20CFD71C32C4BE1928423AE9A, E0EE95FEA3930EA335D9B1FF74EEFAA61ECEC89AEBB1D0E43A1E1088F9990273 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:36:45.0472 0x15e8 iPod Service - ok 16:36:45.0488 0x15e8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:36:45.0550 0x15e8 IRENUM - ok 16:36:45.0566 0x15e8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:36:45.0597 0x15e8 isapnp - ok 16:36:45.0644 0x15e8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:36:45.0690 0x15e8 iScsiPrt - ok 16:36:45.0784 0x15e8 [ 6C85719A21B3F62C2C76280F4BD36C7B, 471E333467937720EF9369419EEDE5C2246C976123B437E0AC66F394CF1C056A ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 16:36:45.0815 0x15e8 jhi_service - ok 16:36:45.0831 0x15e8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:36:45.0862 0x15e8 kbdclass - ok 16:36:45.0893 0x15e8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:36:45.0940 0x15e8 kbdhid - ok 16:36:45.0956 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso C:\Windows\system32\lsass.exe 16:36:45.0987 0x15e8 KeyIso - ok 16:36:46.0034 0x15e8 [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:36:46.0065 0x15e8 KSecDD - ok 16:36:46.0080 0x15e8 [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:36:46.0127 0x15e8 KSecPkg - ok 16:36:46.0143 0x15e8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:36:46.0252 0x15e8 ksthunk - ok 16:36:46.0299 0x15e8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:36:46.0424 0x15e8 KtmRm - ok 16:36:46.0470 0x15e8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 16:36:46.0580 0x15e8 LanmanServer - ok 16:36:46.0611 0x15e8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:36:46.0720 0x15e8 LanmanWorkstation - ok 16:36:46.0767 0x15e8 [ 403F6798A847D9F98B650D27D0FA3FD3, D69314309E251C74D77CDEF1DED7A4E83788871FA723D0D74B9FE5BAA89F9998 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 16:36:46.0782 0x15e8 LENOVO.CAMMUTE - ok 16:36:46.0829 0x15e8 [ 7CFE36AF06E9C0984021796EDC8AC207, 5EA4CFA26D7FC39081C02FCE08BDDFD7FED144D16CC08201671543D4B7D8EA10 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 16:36:46.0860 0x15e8 LENOVO.MICMUTE - ok 16:36:46.0892 0x15e8 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 16:36:46.0923 0x15e8 lenovo.smi - ok 16:36:46.0938 0x15e8 [ 00F2E095C36199D8BF14A8E40CDBC2D0, A7E048E496056E7554F9BB2CA71374820821371F39D5BE22C88285D412E2FCBE ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 16:36:46.0954 0x15e8 LENOVO.TPKNRSVC - ok 16:36:47.0001 0x15e8 [ F7DE50781DC4D162C1005EB30D98F931, CDD07CD2E300DCD818CF97AC05CAFD2BA5568CEA10622D69E156CFC936DD4769 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 16:36:47.0032 0x15e8 Lenovo.VIRTSCRLSVC - ok 16:36:47.0063 0x15e8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:36:47.0157 0x15e8 lltdio - ok 16:36:47.0204 0x15e8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:36:47.0328 0x15e8 lltdsvc - ok 16:36:47.0344 0x15e8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:36:47.0453 0x15e8 lmhosts - ok 16:36:47.0531 0x15e8 [ 97F9EAAC985A663394CD8F54DCD3E73A, D5BA3E7ED36BA361B1941F12D83568C30F7E49A8B9D54D3EBBBD05767E1F3B0A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:36:47.0562 0x15e8 LMS - ok 16:36:47.0609 0x15e8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:36:47.0640 0x15e8 LSI_FC - ok 16:36:47.0672 0x15e8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:36:47.0703 0x15e8 LSI_SAS - ok 16:36:47.0734 0x15e8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:36:47.0765 0x15e8 LSI_SAS2 - ok 16:36:47.0781 0x15e8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:36:47.0828 0x15e8 LSI_SCSI - ok 16:36:47.0843 0x15e8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:36:47.0952 0x15e8 luafv - ok 16:36:48.0015 0x15e8 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:36:48.0046 0x15e8 MBAMProtector - ok 16:36:48.0155 0x15e8 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 16:36:48.0264 0x15e8 MBAMService - ok 16:36:48.0296 0x15e8 MBAMSwissArmy - ok 16:36:48.0342 0x15e8 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:36:48.0374 0x15e8 MBAMWebAccessControl - ok 16:36:48.0389 0x15e8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 16:36:48.0420 0x15e8 megasas - ok 16:36:48.0467 0x15e8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:36:48.0514 0x15e8 MegaSR - ok 16:36:48.0545 0x15e8 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 16:36:48.0576 0x15e8 MEIx64 - ok 16:36:48.0592 0x15e8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:36:48.0686 0x15e8 MMCSS - ok 16:36:48.0701 0x15e8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:36:48.0810 0x15e8 Modem - ok 16:36:48.0842 0x15e8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:36:48.0888 0x15e8 monitor - ok 16:36:48.0935 0x15e8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:36:48.0966 0x15e8 mouclass - ok 16:36:48.0998 0x15e8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:36:49.0029 0x15e8 mouhid - ok 16:36:49.0076 0x15e8 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:36:49.0107 0x15e8 mountmgr - ok 16:36:49.0169 0x15e8 [ 98DA127D0AB8B6CB5773546AF60D9217, BB07F34552342CA40E843F80AA32C928C29EF81789605E53C795EFD564F2DA7F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:36:49.0310 0x15e8 MozillaMaintenance - ok 16:36:49.0372 0x15e8 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 16:36:49.0419 0x15e8 MpFilter - ok 16:36:49.0466 0x15e8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 16:36:49.0497 0x15e8 mpio - ok 16:36:49.0528 0x15e8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:36:49.0622 0x15e8 mpsdrv - ok 16:36:49.0762 0x15e8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:36:49.0918 0x15e8 MpsSvc - ok 16:36:49.0965 0x15e8 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:36:50.0012 0x15e8 MRxDAV - ok 16:36:50.0058 0x15e8 [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:36:50.0136 0x15e8 mrxsmb - ok 16:36:50.0168 0x15e8 [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:36:50.0230 0x15e8 mrxsmb10 - ok 16:36:50.0261 0x15e8 [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:36:50.0308 0x15e8 mrxsmb20 - ok 16:36:50.0324 0x15e8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 16:36:50.0355 0x15e8 msahci - ok 16:36:50.0402 0x15e8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:36:50.0433 0x15e8 msdsm - ok 16:36:50.0464 0x15e8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:36:50.0511 0x15e8 MSDTC - ok 16:36:50.0558 0x15e8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:36:50.0651 0x15e8 Msfs - ok 16:36:50.0667 0x15e8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:36:50.0760 0x15e8 mshidkmdf - ok 16:36:50.0776 0x15e8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:36:50.0807 0x15e8 msisadrv - ok 16:36:50.0854 0x15e8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:36:50.0963 0x15e8 MSiSCSI - ok 16:36:50.0963 0x15e8 msiserver - ok 16:36:50.0994 0x15e8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:36:51.0104 0x15e8 MSKSSRV - ok 16:36:51.0182 0x15e8 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 16:36:51.0197 0x15e8 MsMpSvc - ok 16:36:51.0228 0x15e8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:36:51.0338 0x15e8 MSPCLOCK - ok 16:36:51.0353 0x15e8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:36:51.0447 0x15e8 MSPQM - ok 16:36:51.0494 0x15e8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:36:51.0540 0x15e8 MsRPC - ok 16:36:51.0556 0x15e8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:36:51.0587 0x15e8 mssmbios - ok 16:36:51.0603 0x15e8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:36:51.0712 0x15e8 MSTEE - ok 16:36:51.0728 0x15e8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:36:51.0759 0x15e8 MTConfig - ok 16:36:51.0774 0x15e8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:36:51.0806 0x15e8 Mup - ok 16:36:51.0837 0x15e8 [ 74E1E62819D33F176821ADC9AFF8A3E7, 99E5C85E8A49ECBBBB5D9ABCA43BC7C756126F29A3B73E74D61F9644EF19FC8B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 16:36:51.0884 0x15e8 MyWiFiDHCPDNS - ok 16:36:51.0946 0x15e8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 16:36:52.0071 0x15e8 napagent - ok 16:36:52.0118 0x15e8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:36:52.0196 0x15e8 NativeWifiP - ok 16:36:52.0305 0x15e8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 16:36:52.0398 0x15e8 NDIS - ok 16:36:52.0414 0x15e8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:36:52.0523 0x15e8 NdisCap - ok 16:36:52.0570 0x15e8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:36:52.0664 0x15e8 NdisTapi - ok 16:36:52.0695 0x15e8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:36:52.0788 0x15e8 Ndisuio - ok 16:36:52.0820 0x15e8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:36:52.0913 0x15e8 NdisWan - ok 16:36:52.0944 0x15e8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:36:53.0054 0x15e8 NDProxy - ok 16:36:53.0085 0x15e8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:36:53.0178 0x15e8 NetBIOS - ok 16:36:53.0210 0x15e8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:36:53.0319 0x15e8 NetBT - ok 16:36:53.0350 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon C:\Windows\system32\lsass.exe 16:36:53.0381 0x15e8 Netlogon - ok 16:36:53.0428 0x15e8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 16:36:53.0553 0x15e8 Netman - ok 16:36:53.0600 0x15e8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:36:53.0646 0x15e8 NetMsmqActivator - ok 16:36:53.0662 0x15e8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:36:53.0693 0x15e8 NetPipeActivator - ok 16:36:53.0724 0x15e8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 16:36:53.0849 0x15e8 netprofm - ok 16:36:53.0865 0x15e8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:36:53.0896 0x15e8 NetTcpActivator - ok 16:36:53.0912 0x15e8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:36:53.0943 0x15e8 NetTcpPortSharing - ok 16:36:54.0785 0x15e8 [ D39BFDCB570E9019831901AB1B8B4443, 6A8E3761F211AE3C36F8BFE8247AE068B039B2CF5AE36607E6629873B0E4FFE3 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys 16:36:55.0690 0x15e8 NETwNs64 - ok 16:36:55.0752 0x15e8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:36:55.0768 0x15e8 nfrd960 - ok 16:36:55.0846 0x15e8 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:36:55.0877 0x15e8 NisDrv - ok 16:36:55.0924 0x15e8 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 16:36:55.0986 0x15e8 NisSrv - ok 16:36:56.0033 0x15e8 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 16:36:56.0111 0x15e8 NlaSvc - ok 16:36:56.0127 0x15e8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:36:56.0220 0x15e8 Npfs - ok 16:36:56.0236 0x15e8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 16:36:56.0330 0x15e8 nsi - ok 16:36:56.0345 0x15e8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:36:56.0454 0x15e8 nsiproxy - ok 16:36:56.0595 0x15e8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:36:56.0751 0x15e8 Ntfs - ok 16:36:56.0766 0x15e8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 16:36:56.0844 0x15e8 Null - ok 16:36:56.0891 0x15e8 [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 16:36:56.0938 0x15e8 nusb3hub - ok 16:36:56.0954 0x15e8 [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 16:36:57.0016 0x15e8 nusb3xhc - ok 16:36:57.0094 0x15e8 [ 9412BBE7B4416692901B1BE8D962183E, 72A7D9C9ABD20EDD62AF77A52ABEF5402696D1BA214EEA9AAD91E6C69F1CC97C ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 16:36:57.0203 0x15e8 nvkflt - ok 16:36:58.0092 0x15e8 [ 23FDD36706F27B9BAECE11E6C1804F00, 999F7C22C1FF24B17BF4767FA701863F3F9D7483AA200A7DE709DE272DA45DC0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:36:58.0857 0x15e8 nvlddmkm - ok 16:36:58.0935 0x15e8 [ 98B1C3093E7012691882111DB7978103, 94396175E50ADF087FE06167B9AF676ADB7C6629D5A8736EA7BC4AAD4F88AB47 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 16:36:58.0966 0x15e8 nvpciflt - ok 16:36:58.0997 0x15e8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:36:59.0044 0x15e8 nvraid - ok 16:36:59.0060 0x15e8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:36:59.0106 0x15e8 nvstor - ok 16:36:59.0200 0x15e8 [ D80BAD4DF433124BAAF4ED975723B387, 915DD9AF4A87B6C823DA8992BAAED0E06210E712CE8E7F940D2E8B8D345A6113 ] NVSvc C:\Windows\system32\nvvsvc.exe 16:36:59.0496 0x15e8 NVSvc - ok 16:36:59.0606 0x15e8 [ 44407283382D82C64C9195DE686D4205, 51BE011A0D4CB850B62B30324A9ED14EEC125F4B7AC46926014D9CCD2C10820D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:36:59.0730 0x15e8 nvUpdatusService - ok 16:36:59.0964 0x15e8 [ 916B143841D4E35C4452D2A1236D1AEC, 45EEA56DDB1F03132B4AC6CD627A72F7F09C9B471B86A7DE73D3350D79641966 ] NVWMI C:\Windows\system32\nvwmi64.exe 16:37:00.0167 0x15e8 NVWMI - ok 16:37:00.0245 0x15e8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:37:00.0276 0x15e8 nv_agp - ok 16:37:00.0292 0x15e8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:37:00.0323 0x15e8 ohci1394 - ok 16:37:00.0370 0x15e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:37:00.0432 0x15e8 p2pimsvc - ok 16:37:00.0464 0x15e8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 16:37:00.0526 0x15e8 p2psvc - ok 16:37:00.0573 0x15e8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 16:37:00.0620 0x15e8 Parport - ok 16:37:00.0651 0x15e8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:37:00.0682 0x15e8 partmgr - ok 16:37:00.0729 0x15e8 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:37:00.0791 0x15e8 PcaSvc - ok 16:37:00.0838 0x15e8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 16:37:00.0869 0x15e8 pci - ok 16:37:00.0916 0x15e8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 16:37:00.0932 0x15e8 pciide - ok 16:37:00.0978 0x15e8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:37:01.0010 0x15e8 pcmcia - ok 16:37:01.0041 0x15e8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 16:37:01.0072 0x15e8 pcw - ok 16:37:01.0150 0x15e8 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:37:01.0228 0x15e8 PEAUTH - ok 16:37:01.0337 0x15e8 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:37:01.0493 0x15e8 PeerDistSvc - ok 16:37:01.0587 0x15e8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:37:01.0680 0x15e8 PerfHost - ok 16:37:01.0758 0x15e8 [ 52C9F4359AF4A25969B882AECC6F3BDA, 4776FD60E71FA96F67E79A8ECAE48A224790234308DC8DEBC7D389227C0728BE ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 16:37:01.0774 0x15e8 PHCORE - ok 16:37:01.0883 0x15e8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 16:37:02.0086 0x15e8 pla - ok 16:37:02.0164 0x15e8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:37:02.0242 0x15e8 PlugPlay - ok 16:37:02.0320 0x15e8 [ F485770EEC8959684CC4C4786B63C06C, 34ECC6D83782A2F8E9E32456F3C6C527999283775626C772D0354D232A10604A ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 16:37:02.0367 0x15e8 Pml Driver HPZ12 - ok 16:37:02.0398 0x15e8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:37:02.0445 0x15e8 PNRPAutoReg - ok 16:37:02.0476 0x15e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:37:02.0538 0x15e8 PNRPsvc - ok 16:37:02.0570 0x15e8 [ 520D48ECB54A33821C95EE496A4235AF, 3C7984E480F134E303E6AD03A3837515F3E03A4727F1AD184BD1D8C71D68FFEF ] Point64 C:\Windows\system32\DRIVERS\point64.sys 16:37:02.0601 0x15e8 Point64 - ok 16:37:02.0648 0x15e8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:37:02.0772 0x15e8 PolicyAgent - ok 16:37:02.0804 0x15e8 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll 16:37:02.0866 0x15e8 Power - ok 16:37:02.0897 0x15e8 [ 4CADD52E1669693937360C7ED680365B, 42AB4E08508743F26C7A90221E33F6346A1C2E4D0FAA703AF3B4C2674DD98D34 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 16:37:02.0928 0x15e8 Power Manager DBC Service - ok 16:37:02.0960 0x15e8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:37:03.0069 0x15e8 PptpMiniport - ok 16:37:03.0084 0x15e8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 16:37:03.0116 0x15e8 Processor - ok 16:37:03.0178 0x15e8 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 16:37:03.0225 0x15e8 ProfSvc - ok 16:37:03.0240 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe 16:37:03.0272 0x15e8 ProtectedStorage - ok 16:37:03.0303 0x15e8 [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 16:37:03.0334 0x15e8 psadd - ok 16:37:03.0365 0x15e8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:37:03.0474 0x15e8 Psched - ok 16:37:03.0521 0x15e8 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys 16:37:03.0552 0x15e8 PSI - ok 16:37:03.0584 0x15e8 [ 71399B176DE1CAEFD5AD4287ABB9E8A3, 4FEFDBD66B8478FFBF759667C2A3FC7A5EB47D14AFBC05B8B2C870538C66FE72 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 16:37:03.0615 0x15e8 PwmEWSvc - ok 16:37:03.0755 0x15e8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:37:03.0896 0x15e8 ql2300 - ok 16:37:03.0927 0x15e8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:37:03.0958 0x15e8 ql40xx - ok 16:37:04.0005 0x15e8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 16:37:04.0067 0x15e8 QWAVE - ok 16:37:04.0098 0x15e8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:37:04.0145 0x15e8 QWAVEdrv - ok 16:37:04.0161 0x15e8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:37:04.0254 0x15e8 RasAcd - ok 16:37:04.0301 0x15e8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:37:04.0395 0x15e8 RasAgileVpn - ok 16:37:04.0426 0x15e8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 16:37:04.0535 0x15e8 RasAuto - ok 16:37:04.0566 0x15e8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:37:04.0660 0x15e8 Rasl2tp - ok 16:37:04.0691 0x15e8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 16:37:04.0816 0x15e8 RasMan - ok 16:37:04.0847 0x15e8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:37:04.0941 0x15e8 RasPppoe - ok 16:37:04.0956 0x15e8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:37:05.0066 0x15e8 RasSstp - ok 16:37:05.0097 0x15e8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:37:05.0206 0x15e8 rdbss - ok 16:37:05.0237 0x15e8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:37:05.0268 0x15e8 rdpbus - ok 16:37:05.0284 0x15e8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:37:05.0378 0x15e8 RDPCDD - ok 16:37:05.0409 0x15e8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:37:05.0471 0x15e8 RDPDR - ok 16:37:05.0502 0x15e8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:37:05.0612 0x15e8 RDPENCDD - ok 16:37:05.0627 0x15e8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:37:05.0721 0x15e8 RDPREFMP - ok 16:37:05.0799 0x15e8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:37:05.0861 0x15e8 RdpVideoMiniport - ok 16:37:05.0892 0x15e8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:37:05.0955 0x15e8 RDPWD - ok 16:37:06.0002 0x15e8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:37:06.0033 0x15e8 rdyboost - ok 16:37:06.0095 0x15e8 [ 5A118234A2251D6CFB8A11DFE7AC4B4A, C79AEAA4D35C10F3C0F5F75E525FE8FB839F43C5EA0D83AE2D5FAB8FEB8F6ECF ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 16:37:06.0126 0x15e8 RegSrvc - ok 16:37:06.0173 0x15e8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:37:06.0267 0x15e8 RemoteAccess - ok 16:37:06.0298 0x15e8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:37:06.0407 0x15e8 RemoteRegistry - ok 16:37:06.0454 0x15e8 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:37:06.0501 0x15e8 RFCOMM - ok 16:37:06.0532 0x15e8 [ 5A227511ED22DDFEDF7EF7323C8F7D2F, 5056DED32432E192268BE8214B6152A488807357D1BBB769171843E589BF4320 ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys 16:37:06.0579 0x15e8 risdxc - ok 16:37:06.0594 0x15e8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:37:06.0704 0x15e8 RpcEptMapper - ok 16:37:06.0719 0x15e8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 16:37:06.0750 0x15e8 RpcLocator - ok 16:37:06.0813 0x15e8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 16:37:06.0938 0x15e8 RpcSs - ok 16:37:06.0969 0x15e8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:37:07.0078 0x15e8 rspndr - ok 16:37:07.0094 0x15e8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 16:37:07.0125 0x15e8 s3cap - ok 16:37:07.0140 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs C:\Windows\system32\lsass.exe 16:37:07.0172 0x15e8 SamSs - ok 16:37:07.0187 0x15e8 SAService - ok 16:37:07.0218 0x15e8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:37:07.0250 0x15e8 sbp2port - ok 16:37:07.0296 0x15e8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:37:07.0406 0x15e8 SCardSvr - ok 16:37:07.0437 0x15e8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:37:07.0515 0x15e8 scfilter - ok 16:37:07.0608 0x15e8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 16:37:07.0780 0x15e8 Schedule - ok 16:37:07.0796 0x15e8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:37:07.0889 0x15e8 SCPolicySvc - ok 16:37:07.0920 0x15e8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:37:07.0983 0x15e8 SDRSVC - ok 16:37:08.0014 0x15e8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:37:08.0108 0x15e8 secdrv - ok 16:37:08.0139 0x15e8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 16:37:08.0232 0x15e8 seclogon - ok 16:37:08.0388 0x15e8 [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 16:37:08.0498 0x15e8 Secunia PSI Agent - ok 16:37:08.0591 0x15e8 [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 16:37:08.0654 0x15e8 Secunia Update Agent - ok 16:37:08.0685 0x15e8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll 16:37:08.0778 0x15e8 SENS - ok 16:37:08.0810 0x15e8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:37:08.0856 0x15e8 SensrSvc - ok 16:37:08.0888 0x15e8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:37:08.0934 0x15e8 Serenum - ok 16:37:08.0966 0x15e8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:37:09.0012 0x15e8 Serial - ok 16:37:09.0044 0x15e8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:37:09.0075 0x15e8 sermouse - ok 16:37:09.0122 0x15e8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 16:37:09.0231 0x15e8 SessionEnv - ok 16:37:09.0262 0x15e8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:37:09.0293 0x15e8 sffdisk - ok 16:37:09.0309 0x15e8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:37:09.0356 0x15e8 sffp_mmc - ok 16:37:09.0371 0x15e8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:37:09.0402 0x15e8 sffp_sd - ok 16:37:09.0434 0x15e8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:37:09.0465 0x15e8 sfloppy - ok 16:37:09.0543 0x15e8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:37:09.0668 0x15e8 SharedAccess - ok 16:37:09.0714 0x15e8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:37:09.0839 0x15e8 ShellHWDetection - ok 16:37:09.0855 0x15e8 [ E2FC046D4EDABFE3B5EF7DA06406277D, DB2B2A3BE6DC85F414D969E16E8E770BB7ADFA6E44B5FA6725B76D17978DF22A ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 16:37:09.0902 0x15e8 Shockprf - ok 16:37:09.0933 0x15e8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:37:09.0964 0x15e8 SiSRaid2 - ok 16:37:09.0980 0x15e8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:37:10.0011 0x15e8 SiSRaid4 - ok 16:37:10.0089 0x15e8 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:37:10.0136 0x15e8 SkypeUpdate - ok 16:37:10.0167 0x15e8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:37:10.0260 0x15e8 Smb - ok 16:37:10.0307 0x15e8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:37:10.0354 0x15e8 SNMPTRAP - ok 16:37:10.0370 0x15e8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 16:37:10.0385 0x15e8 spldr - ok 16:37:10.0463 0x15e8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 16:37:10.0541 0x15e8 Spooler - ok 16:37:10.0822 0x15e8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 16:37:11.0165 0x15e8 sppsvc - ok 16:37:11.0181 0x15e8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:37:11.0306 0x15e8 sppuinotify - ok 16:37:11.0352 0x15e8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:37:11.0446 0x15e8 srv - ok 16:37:11.0508 0x15e8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:37:11.0571 0x15e8 srv2 - ok 16:37:11.0602 0x15e8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:37:11.0633 0x15e8 srvnet - ok 16:37:11.0680 0x15e8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:37:11.0789 0x15e8 SSDPSRV - ok 16:37:11.0805 0x15e8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:37:11.0914 0x15e8 SstpSvc - ok 16:37:11.0992 0x15e8 [ 6671439BA8E9B1D5E94E57885F382BD9, 6EFB42BA8F57ECE86DC605DFD0B6F5CF5D3C3835B7CF9DDAA3A43D5D2AD86978 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:37:16.0454 0x15e8 Stereo Service - ok 16:37:16.0485 0x15e8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:37:16.0500 0x15e8 stexstor - ok 16:37:16.0578 0x15e8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 16:37:16.0672 0x15e8 stisvc - ok 16:37:16.0688 0x15e8 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:37:16.0719 0x15e8 storflt - ok 16:37:16.0750 0x15e8 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 16:37:16.0797 0x15e8 StorSvc - ok 16:37:16.0828 0x15e8 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:37:16.0859 0x15e8 storvsc - ok 16:37:16.0968 0x15e8 [ B4351A27305C7C009B92C40102BC9161, 3955C9DAC488166E5B6DC1FD8110F1FA1A111A128DAEF89CD5835CB59A307ADA ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 16:37:16.0984 0x15e8 SUService - ok 16:37:17.0000 0x15e8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:37:17.0031 0x15e8 swenum - ok 16:37:17.0156 0x15e8 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 16:37:17.0234 0x15e8 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 ) 16:37:20.0010 0x15e8 Detect skipped due to KSN trusted 16:37:20.0010 0x15e8 SwitchBoard - ok 16:37:20.0088 0x15e8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 16:37:20.0213 0x15e8 swprv - ok 16:37:20.0307 0x15e8 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:37:20.0369 0x15e8 SynTP - ok 16:37:20.0510 0x15e8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 16:37:20.0697 0x15e8 SysMain - ok 16:37:20.0728 0x15e8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:37:20.0790 0x15e8 TabletInputService - ok 16:37:20.0837 0x15e8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 16:37:20.0946 0x15e8 TapiSrv - ok 16:37:20.0962 0x15e8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 16:37:21.0056 0x15e8 TBS - ok 16:37:21.0212 0x15e8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:37:21.0383 0x15e8 Tcpip - ok 16:37:21.0524 0x15e8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:37:21.0664 0x15e8 TCPIP6 - ok 16:37:21.0711 0x15e8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:37:21.0742 0x15e8 tcpipreg - ok 16:37:21.0773 0x15e8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:37:21.0804 0x15e8 TDPIPE - ok 16:37:21.0836 0x15e8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:37:21.0851 0x15e8 TDTCP - ok 16:37:21.0898 0x15e8 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:37:21.0945 0x15e8 tdx - ok 16:37:21.0976 0x15e8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:37:22.0007 0x15e8 TermDD - ok 16:37:22.0070 0x15e8 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 16:37:22.0163 0x15e8 TermService - ok 16:37:22.0194 0x15e8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 16:37:22.0257 0x15e8 Themes - ok 16:37:22.0288 0x15e8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 16:37:22.0382 0x15e8 THREADORDER - ok 16:37:22.0413 0x15e8 [ 55B7FE3E1D3B616BDC4E9EA48D92D6E6, 6FB582C4BC0093A585942FB510B40C2222AF477A1D8DC22C3B3ACB3B83A9B31E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 16:37:22.0428 0x15e8 TPDIGIMN - ok 16:37:22.0444 0x15e8 [ F0684C62ED8FD3061CD488ECFC851022, 0F22F355C468512B25ED7BC3826146DCAA51BBC58EA59175EF911EFF91F3E363 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 16:37:22.0475 0x15e8 TPHDEXLGSVC - ok 16:37:22.0522 0x15e8 [ 8A1CAB578B61DD178A505B951229E6D7, ECA0E264F47638044DDE226A4C899299B651523AE91F44ECE496C0E3DC2F78A5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 16:37:22.0553 0x15e8 TPHKLOAD - ok 16:37:22.0569 0x15e8 [ 5B62F45C87CC0FB176C5358EEA6CFB4C, D3ED391278AE0F26BCF947057E63DD0CCA4FAD9D15C23D34E14A1F34571DAC77 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 16:37:22.0600 0x15e8 TPHKSVC - ok 16:37:22.0647 0x15e8 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys 16:37:22.0678 0x15e8 TPM - ok 16:37:22.0725 0x15e8 [ 7165B5A9B4867F64A6D6935F57D4196B, 716BF044005E11A84D2B114E4DBCDA390C7842EBD4B6E8FA710D2D002BAE09DC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 16:37:22.0740 0x15e8 TPPWRIF - ok 16:37:22.0772 0x15e8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 16:37:22.0881 0x15e8 TrkWks - ok 16:37:22.0943 0x15e8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:37:23.0037 0x15e8 TrustedInstaller - ok 16:37:23.0084 0x15e8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:37:23.0115 0x15e8 tssecsrv - ok 16:37:23.0146 0x15e8 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:37:23.0177 0x15e8 TsUsbFlt - ok 16:37:23.0208 0x15e8 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:37:23.0255 0x15e8 TsUsbGD - ok 16:37:23.0302 0x15e8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:37:23.0411 0x15e8 tunnel - ok 16:37:23.0442 0x15e8 [ 4DAAE0413CD4E816258838E2FAFB3147, 7D45621A0148C2EEA4302A5852D9407DCEF1947936E9E840788F01625E869CDD ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys 16:37:23.0458 0x15e8 TVTI2C - ok 16:37:23.0489 0x15e8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:37:23.0520 0x15e8 uagp35 - ok 16:37:23.0552 0x15e8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:37:23.0661 0x15e8 udfs - ok 16:37:23.0708 0x15e8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:37:23.0739 0x15e8 UI0Detect - ok 16:37:23.0786 0x15e8 [ 6640110398438BDC6CC8D48EEC8EDDC5, FDEF9250468CE85F9AE4239A139BFED21EF133D3050012D4DEBCFDF9B07E6D15 ] UimBus C:\Windows\system32\DRIVERS\uimx64.sys 16:37:23.0879 0x15e8 UimBus - ok 16:37:23.0942 0x15e8 [ 20BABEFA37F38B3CC26C0E9A26B844FF, F032E66092D585D43B65F5BF4D7DFEE7A3BE1B22E7C63E1CF3D74F0791E99918 ] Uim_IM C:\Windows\system32\Drivers\Uim_IMx64.sys 16:37:24.0051 0x15e8 Uim_IM - ok 16:37:24.0098 0x15e8 [ 441E8BC5E68200038F0F1941A10C85F4, B93FB9DEC5365D526737A50C7958DB7441C515DF4AAACB6306998E18CF14F69B ] Uim_VIM C:\Windows\system32\Drivers\uim_vimx64.sys 16:37:24.0191 0x15e8 Uim_VIM - ok 16:37:24.0238 0x15e8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:37:24.0269 0x15e8 uliagpkx - ok 16:37:24.0285 0x15e8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:37:24.0332 0x15e8 umbus - ok 16:37:24.0347 0x15e8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 16:37:24.0378 0x15e8 UmPass - ok 16:37:24.0425 0x15e8 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 16:37:24.0472 0x15e8 UmRdpService - ok 16:37:24.0690 0x15e8 [ A69CD6BDB82872999D2E46F9324ADA83, 1F06D5B716D48E693A082C1FC49D80405F50D60C78FDF5829FF51F1CC11CF011 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:37:24.0909 0x15e8 UNS - ok 16:37:24.0971 0x15e8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 16:37:25.0096 0x15e8 upnphost - ok 16:37:25.0143 0x15e8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:37:25.0205 0x15e8 usbaudio - ok 16:37:25.0236 0x15e8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:37:25.0314 0x15e8 usbccgp - ok 16:37:25.0361 0x15e8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:37:25.0392 0x15e8 usbcir - ok 16:37:25.0439 0x15e8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:37:25.0470 0x15e8 usbehci - ok 16:37:25.0517 0x15e8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:37:25.0580 0x15e8 usbhub - ok 16:37:25.0626 0x15e8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:37:25.0658 0x15e8 usbohci - ok 16:37:25.0689 0x15e8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:37:25.0736 0x15e8 usbprint - ok 16:37:25.0782 0x15e8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:37:25.0829 0x15e8 usbscan - ok 16:37:25.0876 0x15e8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:37:25.0923 0x15e8 USBSTOR - ok 16:37:25.0970 0x15e8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:37:26.0001 0x15e8 usbuhci - ok 16:37:26.0048 0x15e8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 16:37:26.0094 0x15e8 usbvideo - ok 16:37:26.0141 0x15e8 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 16:37:26.0188 0x15e8 usb_rndisx - ok 16:37:26.0219 0x15e8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 16:37:26.0313 0x15e8 UxSms - ok 16:37:26.0328 0x15e8 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc C:\Windows\system32\lsass.exe 16:37:26.0360 0x15e8 VaultSvc - ok 16:37:26.0422 0x15e8 [ 58E2365E7FD880624F648C63C5D22009, 9E00C2EF3488B7477AFF75FA62F2B66FD54166C19DCA594216B23EB046335FF0 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 16:37:26.0453 0x15e8 VBoxNetAdp - ok 16:37:26.0469 0x15e8 VBoxNetFlt - ok 16:37:26.0500 0x15e8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:37:26.0531 0x15e8 vdrvroot - ok 16:37:26.0578 0x15e8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 16:37:26.0703 0x15e8 vds - ok 16:37:26.0734 0x15e8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:37:26.0765 0x15e8 vga - ok 16:37:26.0781 0x15e8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:37:26.0874 0x15e8 VgaSave - ok 16:37:26.0906 0x15e8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:37:26.0952 0x15e8 vhdmp - ok 16:37:26.0984 0x15e8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 16:37:27.0015 0x15e8 viaide - ok 16:37:27.0046 0x15e8 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:37:27.0093 0x15e8 vmbus - ok 16:37:27.0108 0x15e8 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:37:27.0140 0x15e8 VMBusHID - ok 16:37:27.0171 0x15e8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:37:27.0202 0x15e8 volmgr - ok 16:37:27.0233 0x15e8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:37:27.0296 0x15e8 volmgrx - ok 16:37:27.0327 0x15e8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:37:27.0374 0x15e8 volsnap - ok 16:37:27.0389 0x15e8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:37:27.0436 0x15e8 vsmraid - ok 16:37:27.0576 0x15e8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 16:37:27.0779 0x15e8 VSS - ok 16:37:27.0810 0x15e8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:37:27.0842 0x15e8 vwifibus - ok 16:37:27.0873 0x15e8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:37:27.0920 0x15e8 vwififlt - ok 16:37:27.0951 0x15e8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:37:27.0998 0x15e8 vwifimp - ok 16:37:28.0060 0x15e8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 16:37:28.0185 0x15e8 W32Time - ok 16:37:28.0200 0x15e8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:37:28.0232 0x15e8 WacomPen - ok 16:37:28.0278 0x15e8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:37:28.0372 0x15e8 WANARP - ok 16:37:28.0372 0x15e8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:37:28.0466 0x15e8 Wanarpv6 - ok 16:37:28.0606 0x15e8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 16:37:28.0762 0x15e8 wbengine - ok 16:37:28.0793 0x15e8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:37:28.0856 0x15e8 WbioSrvc - ok 16:37:28.0887 0x15e8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:37:28.0965 0x15e8 wcncsvc - ok 16:37:28.0980 0x15e8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:37:29.0043 0x15e8 WcsPlugInService - ok 16:37:29.0058 0x15e8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 16:37:29.0090 0x15e8 Wd - ok 16:37:29.0183 0x15e8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:37:29.0277 0x15e8 Wdf01000 - ok 16:37:29.0308 0x15e8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:37:29.0355 0x15e8 WdiServiceHost - ok 16:37:29.0370 0x15e8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:37:29.0402 0x15e8 WdiSystemHost - ok 16:37:29.0464 0x15e8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 16:37:29.0526 0x15e8 WebClient - ok 16:37:29.0573 0x15e8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:37:29.0698 0x15e8 Wecsvc - ok 16:37:29.0714 0x15e8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:37:29.0823 0x15e8 wercplsupport - ok 16:37:29.0854 0x15e8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 16:37:29.0948 0x15e8 WerSvc - ok 16:37:29.0979 0x15e8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:37:30.0072 0x15e8 WfpLwf - ok 16:37:30.0088 0x15e8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:37:30.0104 0x15e8 WIMMount - ok 16:37:30.0135 0x15e8 WinDefend - ok 16:37:30.0150 0x15e8 WinHttpAutoProxySvc - ok 16:37:30.0228 0x15e8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:37:30.0338 0x15e8 Winmgmt - ok 16:37:30.0509 0x15e8 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 16:37:30.0712 0x15e8 WinRM - ok 16:37:30.0806 0x15e8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 16:37:30.0837 0x15e8 WinUsb - ok 16:37:30.0930 0x15e8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:37:31.0055 0x15e8 Wlansvc - ok 16:37:31.0086 0x15e8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:37:31.0118 0x15e8 WmiAcpi - ok 16:37:31.0164 0x15e8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:37:31.0211 0x15e8 wmiApSrv - ok 16:37:31.0242 0x15e8 WMPNetworkSvc - ok 16:37:31.0274 0x15e8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:37:31.0320 0x15e8 WPCSvc - ok 16:37:31.0352 0x15e8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:37:31.0414 0x15e8 WPDBusEnum - ok 16:37:31.0430 0x15e8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:37:31.0523 0x15e8 ws2ifsl - ok 16:37:31.0586 0x15e8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 16:37:31.0632 0x15e8 wscsvc - ok 16:37:31.0648 0x15e8 WSearch - ok 16:37:31.0835 0x15e8 [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv C:\Windows\system32\wuaueng.dll 16:37:32.0085 0x15e8 wuauserv - ok 16:37:32.0132 0x15e8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:37:32.0163 0x15e8 WudfPf - ok 16:37:32.0210 0x15e8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:37:32.0256 0x15e8 WUDFRd - ok 16:37:32.0303 0x15e8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:37:32.0334 0x15e8 wudfsvc - ok 16:37:32.0381 0x15e8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 16:37:32.0444 0x15e8 WwanSvc - ok 16:37:32.0724 0x15e8 [ A923222A8437E6C419AFC1A3BE32FF47, ED1132AE3548AC54D838F93B36A591F3EDB34A980409ED220077871DA5630E9A ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 16:37:32.0990 0x15e8 ZeroConfigService - ok 16:37:33.0068 0x15e8 ================ Scan global =============================== 16:37:33.0083 0x15e8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 16:37:33.0130 0x15e8 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 16:37:33.0177 0x15e8 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 16:37:33.0208 0x15e8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 16:37:33.0270 0x15e8 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 16:37:33.0286 0x15e8 [ Global ] - ok 16:37:33.0286 0x15e8 ================ Scan MBR ================================== 16:37:33.0302 0x15e8 [ B85B50C6A0D35AE5861C76696621A9FC ] \Device\Harddisk0\DR0 16:37:33.0863 0x15e8 \Device\Harddisk0\DR0 - ok 16:37:33.0863 0x15e8 ================ Scan VBR ================================== 16:37:33.0879 0x15e8 [ B319C3CA87AF16C9981175EC4D827B15 ] \Device\Harddisk0\DR0\Partition1 16:37:33.0879 0x15e8 \Device\Harddisk0\DR0\Partition1 - ok 16:37:33.0894 0x15e8 [ FF72A23B70F57AA11800F0C895D7A2CA ] \Device\Harddisk0\DR0\Partition2 16:37:33.0894 0x15e8 \Device\Harddisk0\DR0\Partition2 - ok 16:37:33.0926 0x15e8 [ 4D7B5619E5FD76B47F38E73BEC3D03B1 ] \Device\Harddisk0\DR0\Partition3 16:37:33.0926 0x15e8 \Device\Harddisk0\DR0\Partition3 - ok 16:37:33.0941 0x15e8 [ B85535610A46A83CEDE7E1449F4CEA38 ] \Device\Harddisk0\DR0\Partition4 16:37:33.0957 0x15e8 \Device\Harddisk0\DR0\Partition4 - ok 16:37:33.0957 0x15e8 ================ Scan generic autorun ====================== 16:37:33.0988 0x15e8 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 16:37:34.0019 0x15e8 ForteConfig - ok 16:37:34.0066 0x15e8 [ 59684F3A784301D09ADF69E70DF979E8, 69B437914B91947FA2EF817FB83495EE86C065B886EA155A0CF354C7ED100DE1 ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe 16:37:34.0113 0x15e8 SmartAudio - ok 16:37:34.0144 0x15e8 [ 7EE88AA7B7F93CDA445921B6F8D9B89E, E8C40233E4EAE4660D481587E313A3542354FD4008B5165DB2393B0A87FC310D ] C:\Windows\system32\igfxtray.exe 16:37:34.0191 0x15e8 IgfxTray - ok 16:37:34.0222 0x15e8 [ 5D4069AEF369F011205CD71EACB5BBF7, 41769086CE903D4AA6572FB5DF6BCAE9647412E309537365AC31A89083B72FED ] C:\Windows\system32\hkcmd.exe 16:37:34.0269 0x15e8 HotKeysCmds - ok 16:37:34.0316 0x15e8 [ F0F898B89FD490AB77CC9D072B62004B, D0EAF4C0C993AA9ABB194AEADBBC09CF97FE3818ED22429CDBC60DF72423069A ] C:\Windows\system32\igfxpers.exe 16:37:34.0362 0x15e8 Persistence - ok 16:37:34.0394 0x15e8 [ 084F1404AE15651DF5F5246C2E3D5569, 52212D1CBDDE9B5C5210216094EEB0D7AF8B85CE7A61690023F24A43338AC0C0 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe 16:37:34.0409 0x15e8 LENOVO.TPKNRRES - ok 16:37:34.0409 0x15e8 SynTPEnh - ok 16:37:34.0550 0x15e8 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe 16:37:34.0674 0x15e8 MSC - ok 16:37:34.0799 0x15e8 [ DE9600C6DBCDC219EE13E6F14DD2369C, EB79AEAFC60FDEF00C9492ED5081EED9BCC598BD9472BE64F75A97475DCCCAF4 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 16:37:34.0908 0x15e8 NvBackend - ok 16:37:34.0924 0x15e8 PWMTRV - ok 16:37:34.0924 0x15e8 Sidebar - ok 16:37:34.0940 0x15e8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:37:34.0986 0x15e8 mctadmin - ok 16:37:35.0236 0x15e8 [ 2E0CF98623181D40BF79558387875F35, BC0E204D36CAF4864FD93A8FE260468320B7F5936ED338DF77DDE9A774C8C964 ] C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe 16:37:35.0454 0x15e8 FileHippo.com - ok 16:37:35.0642 0x15e8 [ 71A06FD49ED9DCC0926735B2EA4F019D, 41741831089179C09A4943D7D2C70C4C09E0F72E384476B91948398D27FDED20 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe 16:37:35.0969 0x15e8 WinPatrol - ok 16:37:36.0390 0x15e8 [ F2AD1B265908797F8A5E21E0312F2F25, 2A6A612F7D52D297385C43E77AD0CD37B28F33ED2AF89098F5E66B812B838A52 ] C:\Users\t-cee\AppData\Local\Akamai\netsession_win.exe 16:37:36.0734 0x15e8 Akamai NetSession Interface - ok 16:37:36.0843 0x15e8 [ DA5FBAA5D62B4FD393947DE5EE8715BE, BA3FDF00AFCF2859585FB9D934E67D31CC7960C093A09F73F8F6AEFE86E9528E ] C:\Users\t-cee\AppData\Local\FluxSoftware\Flux\flux.exe 16:37:36.0905 0x15e8 F.lux - ok 16:37:36.0968 0x15e8 [ F655E4A1AED366E96E5D5AA397E0F255, F8573CCA72FA25079B8CE2FC5D30379487E2905B109C73C741FAB31589FA49E1 ] C:\Program Files (x86)\QuickTime\QTTask.exe 16:37:37.0014 0x15e8 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 16:37:39.0807 0x15e8 Detect skipped due to KSN trusted 16:37:39.0807 0x15e8 QuickTime Task - ok 16:37:39.0807 0x15e8 Waiting for KSN requests completion. In queue: 125 16:37:40.0821 0x15e8 Waiting for KSN requests completion. In queue: 125 16:37:41.0835 0x15e8 Waiting for KSN requests completion. In queue: 125 16:37:42.0646 0x1b1c Object required for P2P: [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS 16:37:42.0849 0x15e8 Waiting for KSN requests completion. In queue: 79 16:37:43.0863 0x15e8 Waiting for KSN requests completion. In queue: 79 16:37:44.0877 0x15e8 Waiting for KSN requests completion. In queue: 79 16:37:45.0579 0x1b1c Object send P2P result: true 16:37:45.0594 0x1b1c Object required for P2P: [ AA3E844A2595B1AA5825C70CA50D963E ] wuauserv 16:37:45.0891 0x15e8 Waiting for KSN requests completion. In queue: 19 16:37:46.0905 0x15e8 Waiting for KSN requests completion. In queue: 19 16:37:47.0919 0x15e8 Waiting for KSN requests completion. In queue: 19 16:37:48.0449 0x1b1c Object send P2P result: true 16:37:48.0964 0x15e8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 16:37:48.0964 0x15e8 Win FW state via NFP2: enabled ( trusted ) 16:37:51.0788 0x15e8 ============================================================ 16:37:51.0788 0x15e8 Scan finished 16:37:51.0788 0x15e8 ============================================================ 16:37:51.0803 0x14f0 Detected object count: 0 16:37:51.0803 0x14f0 Actual detected object count: 0 |
14.01.2016, 16:52 | #4 |
/// TB-Ausbilder | Anti Rootkit: Registry value "AppInit_Dlls" gefunden Servus, da ist kein Rootkit. Wir kontrollieren noch kurz: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
14.01.2016, 23:55 | #5 |
| Anti Rootkit: Registry value "AppInit_Dlls" gefunden AdwCleaner.txt Code:
ATTFilter # AdwCleaner v5.029 - Bericht erstellt am 14/01/2016 um 19:17:01 # Aktualisiert am 11/01/2016 von Xplode # Datenbank : 2016-01-12.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : name - name-THINK # Gestartet von : C:\Users\name\Desktop\AdwCleaner_5.029.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900} ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\h6rodsf6.default-1401714618966\searchplugins\avira-safesearch.xml ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}] [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ***** [ Internetbrowser ] ***** [-] [C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\prefs.js] [Preference] Gelöscht : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1401193122); [-] [C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\26598o8d.default\prefs.js] [Preference] Gelöscht : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1345360862); [-] [C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\h6rodsf6.default-1401714618966\prefs.js] [Preference] Gelöscht : user_pref("browser.safebrowsing.appRepURL", "hxxps://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%"); [-] [C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\lsxerknw.name\prefs.js] [Preference] Gelöscht : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1401419849); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2234 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.01.2016 Suchlaufzeit: 19:39 Protokolldatei: mbam Suchlaufprotokoll.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.01.14.05 Rootkit-Datenbank: v2016.01.09.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: name Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 460116 Abgelaufene Zeit: 21 Min., 54 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 1 PUP.Optional.APNToolBar, C:\Users\name\Documents\APNSetup.exe, In Quarantäne, [6d20c871fe9bb086a82f0926a95855ab], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01 durchgeführt von name (Administrator) auf name-THINK (14-01-2016 23:49:30) Gestartet von C:\Users\name\Desktop Geladene Profile: name (Verfügbare Profile: UpdatusUser & name & name) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe () C:\Windows\System32\nvwmi64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Windows\System32\nvwmi64.exe () C:\Windows\System32\nvwmi64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe (Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-25] (NVIDIA Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] () HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-27] (Ruiware) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-02-10] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{C4D58162-E1AA-40BF-8216-564603EAEAAC}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP SearchScopes: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation) DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///H:/Mydlink/activeX/DCP.cab DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///H:/Mydlink/activeX/aplugLiteDL.cab FireFox: ======== FF ProfilePath: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Session Restore: -> ist aktiviert. FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-12-19] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-12-19] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems) FF Plugin HKU\S-1-5-21-1502850821-2927420759-2148834354-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll [2012-08-30] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-03] (Apple Inc.) FF Extension: Default Full Zoom Level - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-06-04] FF Extension: MeasureIt - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2015-06-04] FF Extension: NoScript - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-13] FF Extension: Avira Browser Safety - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\abs@avira.com [2016-01-13] FF Extension: Bing Search Engine - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\bingsearch.full@microsoft.com [2015-04-28] [ist nicht signiert] FF Extension: Firebug - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\name\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated) S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.) S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2012-02-27] (Lenovo.) S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] () R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-25] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon) S2 bckd; system32\drivers\bckd.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-14 23:48 - 2016-01-14 23:49 - 00001303 _____ C:\Users\name\Desktop\mbam Suchlaufprotokoll.txt 2016-01-14 19:39 - 2016-01-14 23:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-14 19:38 - 2016-01-14 19:38 - 00002312 _____ C:\Users\name\Desktop\AdwCleaner[C5].txt 2016-01-14 19:08 - 2016-01-14 19:08 - 01754112 _____ C:\Users\name\Desktop\AdwCleaner_5.029.exe 2016-01-14 16:35 - 2016-01-14 16:41 - 00231378 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_16.35.31_log.txt 2016-01-14 16:35 - 2016-01-14 16:35 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\name\Desktop\tdsskiller.exe 2016-01-14 09:44 - 2016-01-14 09:51 - 00000195 _____ C:\Users\name\Desktop\TODO.txt 2016-01-13 16:32 - 2016-01-13 16:33 - 00293350 _____ C:\Windows\ntbtlog.txt 2016-01-13 16:12 - 2016-01-13 16:12 - 00000533 _____ C:\Users\name\Desktop\trojanerboard.txt 2016-01-13 16:08 - 2016-01-13 16:19 - 00058407 _____ C:\Users\name\Desktop\Addition.txt 2016-01-13 16:07 - 2016-01-14 23:50 - 00020076 _____ C:\Users\name\Desktop\FRST.txt 2016-01-13 16:07 - 2016-01-13 16:07 - 02370560 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe 2016-01-13 13:47 - 2016-01-13 13:49 - 00000165 _____ C:\Users\name\Desktop\Trading Rules.txt 2016-01-08 18:55 - 2016-01-08 18:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-01-08 18:55 - 2016-01-08 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-01-08 18:49 - 2016-01-08 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-01-08 18:48 - 2016-01-08 18:49 - 00000000 ____D C:\Program Files\iTunes 2016-01-08 18:48 - 2016-01-08 18:49 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-01-08 18:48 - 2016-01-08 18:48 - 00000000 ____D C:\Program Files\iPod 2016-01-07 11:10 - 2016-01-07 11:10 - 00040929 _____ C:\Users\name\Desktop\Fax-2016-01-07-1.pdf 2015-12-15 14:10 - 2015-12-15 14:10 - 00000925 _____ C:\Users\name\Desktop\TB.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-01-14 23:49 - 2014-06-01 13:02 - 00000000 ____D C:\FRST 2016-01-14 23:48 - 2015-04-28 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-14 23:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-14 19:43 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-14 19:43 - 2009-07-14 05:45 - 00031072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-14 19:17 - 2014-06-01 14:19 - 00000000 ____D C:\AdwCleaner 2016-01-14 10:45 - 2015-11-21 17:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-14 10:45 - 2015-06-03 07:47 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-14 09:31 - 2012-03-30 13:23 - 00699682 _____ C:\Windows\system32\perfh007.dat 2016-01-14 09:31 - 2012-03-30 13:23 - 00149790 _____ C:\Windows\system32\perfc007.dat 2016-01-14 09:31 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-14 09:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-01-14 09:09 - 2012-07-20 10:31 - 00000000 ____D C:\Users\name\AppData\Local\Adobe 2016-01-13 21:33 - 2013-08-01 17:33 - 00000000 ____D C:\Users\name\AppData\Roaming\vlc 2016-01-13 17:15 - 2012-10-01 09:53 - 00000000 ____D C:\Users\name\AppData\Roaming\FileZilla 2016-01-13 16:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-13 16:22 - 2012-10-19 11:50 - 00000000 ____D C:\ProgramData\Avira 2016-01-13 16:02 - 2015-11-21 18:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-13 15:41 - 2015-04-08 10:04 - 00000000 ____D C:\Users\name\AppData\Local\CrashDumps 2016-01-13 13:00 - 2013-09-06 09:01 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-13 13:00 - 2012-10-19 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-01-12 20:42 - 2013-08-01 17:33 - 00000000 ____D C:\Users\name\AppData\Roaming\dvdcss 2016-01-08 19:52 - 2013-12-11 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-01-08 19:52 - 2012-05-06 11:20 - 00000000 ____D C:\Program Files\7-Zip 2016-01-08 19:52 - 2012-05-06 07:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 19:21 - 2014-02-14 08:11 - 00000000 ____D C:\ProgramData\TEMP 2016-01-08 19:21 - 2014-02-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2016-01-08 19:21 - 2014-02-14 08:10 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2016-01-08 19:20 - 2015-11-21 17:39 - 00002240 _____ C:\Users\name\Desktop\Kindle.lnk 2016-01-08 19:18 - 2015-01-16 10:05 - 00000000 ____D C:\Users\name\AppData\Roaming\Skype 2016-01-08 18:55 - 2015-01-16 10:05 - 00000000 ____D C:\Users\name\AppData\Local\Skype 2016-01-08 18:55 - 2014-11-17 10:34 - 00000000 ____D C:\ProgramData\Skype 2016-01-08 18:48 - 2013-09-27 09:57 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-01-08 18:41 - 2015-04-30 17:47 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk 2016-01-08 18:41 - 2015-04-30 17:47 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2016-01-08 18:32 - 2012-04-14 07:03 - 00099312 _____ C:\Users\name\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-07 11:27 - 2013-11-17 08:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-04 09:34 - 2012-05-12 16:37 - 00000000 ____D C:\Program Files (x86)\phase5 2015-12-23 09:52 - 2015-09-03 08:14 - 00000000 ____D C:\Users\name\.oracle_jre_usage 2015-12-19 09:08 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-10-07 13:02 - 2014-07-03 14:50 - 0001456 _____ () C:\Users\name\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-07-16 09:31 - 2015-07-16 09:31 - 0000275 _____ () C:\Users\name\AppData\Local\HamsterAudioConverterSettings.cfg 2012-07-17 08:16 - 2012-07-17 08:16 - 0007619 _____ () C:\Users\name\AppData\Local\recently-used.xbel 2013-10-29 16:24 - 2013-10-29 16:24 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-08-25 09:15 - 2013-08-27 07:59 - 0001534 _____ () C:\ProgramData\ss.ini Einige Dateien in TEMP: ==================== C:\Users\name\AppData\Local\Temp\avgnt.exe C:\Users\name\AppData\Local\Temp\avgnt.exe C:\Users\name\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-01-10 16:30 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 durchgeführt von name (2016-01-14 23:51:31) Gestartet von C:\Users\name\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-04-14 06:02:26) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1502850821-2927420759-2148834354-500 - Administrator - Disabled) Gast (S-1-5-21-1502850821-2927420759-2148834354-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1502850821-2927420759-2148834354-1003 - Limited - Enabled) name (S-1-5-21-1502850821-2927420759-2148834354-1004 - Limited - Enabled) => C:\Users\name name (S-1-5-21-1502850821-2927420759-2148834354-1001 - Administrator - Enabled) => C:\Users\name UpdatusUser (S-1-5-21-1502850821-2927420759-2148834354-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.242 - Amazon) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.70.00 - ) Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998929134.48.56.6499218 - Audible, Inc.) Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - ) Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Deutsch (DE) + Pali (HKLM\...\{4CD3A532-B3F8-41D3-B91D-A9B6A53BE0E6}) (Version: 1.0.3.40 - Frank Snow) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen) English (US) + Pali (HKLM\...\{281ECE0A-D2D9-4051-9104-FC193ED72362}) (Version: 1.0.3.40 - Frank Snow) FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) Forex Tester 2.8.10 (HKLM-x32\...\{F5EC7F6B-B68B-433C-AA20-54EDFE76191D}_is1) (Version: - Forex Tester Software) Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Hamster Free Audio Convertor (HKLM-x32\...\{F100D4D4-DFAA-4807-8D4F-0CD44E85F4EA}_is1) (Version: 1.0.0.18 - Hamster Soft) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson) import.io (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\{95981586-8D7F-49E9-9C7F-3AA704641471}_is1) (Version: 0.1 - import.io) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation) iTunes (HKLM\...\{8A4D15F4-2148-48DF-AC31-9513E5B734ED}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation) KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple) KeePass Password Safe 1.30 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.30 - Dominik Reichl) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited) Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) LibreOffice 5.0.3.2 (HKLM-x32\...\{D61E7AA0-0380-49B9-8DDD-7685E2306176}) (Version: 5.0.3.2 - The Document Foundation) Logitech Media Server 7.7.2 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.2 - Logitech) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) Mozilla Thunderbird 38.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Node.js (HKLM\...\{1D65B406-5F81-4064-AF0B-A57368DA1DF2}) (Version: 4.1.0 - Node.js Foundation) NVIDIA 3D Vision Treiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation) NVIDIA Grafiktreiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation) NVIDIA WMI 2.19.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.19.0 - NVIDIA Corporation) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.) SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC) StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - ) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation) ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.67 - ) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel) Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel) Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel) Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo) Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware) XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {03C8D2F7-C5F5-4207-8235-3D9C5A7028A2} - System32\Tasks\AdobeAAMUpdater-1.0-name-THINK-name => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6 Task: {0AF752F4-85D1-49AC-A567-6B356B0DE3B2} - System32\Tasks\Amazon Music Helper => C:\Users\name\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-11-19] () Task: {0EFF2205-FC92-44C3-9847-11F40B84514D} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe Task: {13882C03-37B4-4F56-A59E-3F043A6BC45D} - System32\Tasks\hpUtility.exe_{4952127C-3CC9-402C-86BE-02CBEC3351CE} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.) Task: {1949FBA0-C3CD-4D95-8CF4-D8C1EC416BE7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {1BF94E8A-9370-4315-AFAE-C59B52FBA257} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] () Task: {2A5074E8-5ACC-4D7C-B8E2-2B7689FB6C3A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {2E4027A1-1157-484A-B063-3FB599A1459B} - System32\Tasks\{E24F53F8-6B19-431A-B3EF-9CF1098307CE} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64de\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64de Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19 Task: {3B6F8732-8E3E-481A-B032-D48CCB0ABCA7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {3EA94329-78C3-4A77-80AB-3269078D89FB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {433DBF3A-E4D0-4A86-BB2E-BB02F9791D6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware! Task: {61294AAE-7DAC-42BD-9822-5DE8BD747EE3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-02-27] (Lenovo Group Limited) Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00 Task: {6BF96F74-1599-49D3-9FE3-346D681363F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated) Task: {76E282E5-6E12-4B64-8961-BEF23A694991} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {8594D661-1412-43A1-A9D5-0614214D5250} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5 Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4 Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3 Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16 Task: {B8D51834-255C-4F7F-A4B0-E0B06BF29BAB} - System32\Tasks\AdobeAAMUpdater-1.0-name-THINK-name => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {BC3130C8-46CE-49F7-B138-D5DC4142C139} - System32\Tasks\{3197195D-9DA6-42F7-9DA2-372026995E84} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64en\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64en Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1 Task: {CE893D65-78EE-4A76-B74F-22666E11AA10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {D315440B-7E86-4757-A9C9-B53736A53C4B} - System32\Tasks\{0537E27E-EA97-463E-946A-37794CC09C30} => Firefox.exe hxxp://ui.skype.com/ui/0/7.1.0.105/de/abandoninstall?source=lightinstaller&page=tsMain Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2 Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17 Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18 Task: {FB7DC5DC-1E7F-4A05-BFD7-F51EF09F2B08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-03-11 10:23 - 2015-02-25 11:33 - 02855624 _____ () C:\Windows\system32\nvwmi64.exe 2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2015-10-16 11:08 - 2015-10-16 11:08 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-03-30 03:50 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2012-03-30 03:54 - 2011-03-06 12:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe 2012-03-30 03:57 - 2012-02-27 19:07 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2013-03-18 16:26 - 2013-03-18 16:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\...\1001movie.com -> 1001movie.com Da befinden sich 6091 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2014-02-02 08:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: Datenträger ist nicht mit dem Internet verbunden. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: APNMCP => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: CxAudMsg => 2 MSCONFIG\Services: DozeSvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LENOVO.MICMUTE => 2 MSCONFIG\Services: LENOVO.TPKNRSVC => 2 MSCONFIG\Services: Lenovo.VIRTSCRLSVC => 2 MSCONFIG\Services: LSCWinService => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NVSvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\Services: PSI_SVC_2 => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: SUService => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TPHKLOAD => 2 MSCONFIG\Services: UleadBurningHelper => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Media Server-Taskleisten-Tool.lnk => C:\Windows\pss\Logitech Media Server-Taskleisten-Tool.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk.Startup MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ALCKRESI.EXE => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TpShocks => TpShocks.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{066C2DF9-CE01-4893-B121-87F235C1F134}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{A5B9B913-A3B4-4DD2-B2DF-C56321165A50}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{160EDAE5-0C27-458D-87A6-3066CD0D82C3}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [{75F6B196-55D6-480C-B901-03BCFFB236D8}] => (Allow) D:\temp\INSTALL\HitmanPro36_x64.exe FirewallRules: [TCP Query User{52A79B02-8135-408B-9750-4AF5989255EA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{8BC156A1-2F42-4AF5-ACAB-8066253C28C6}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{A5473E19-00F0-4000-A819-134137585DBC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{88303A6F-0034-4C39-BE38-84AF27A853BB}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{AEF12D4E-2425-459F-957C-90493A64F0D8}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{5C281374-2030-4E70-98C9-CE179FF10FC2}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A9F981A2-115B-4173-8E7C-5ED0CD8BEE96}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{C558B388-398C-4F15-B21A-347FDE89FF53}C:\users\name\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\name\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{195ECF43-0705-4DA6-8DCD-1CFC0B93B219}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{6147B0F1-D04B-4441-BA54-F3800AA260F0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{8696D3DC-FC61-402C-9C39-428E4EAC853A}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe FirewallRules: [TCP Query User{4C821D61-F9C9-4747-A8F8-8A718D04A1E0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{B9A98F6C-F641-4B77-982F-95B24D794CC4}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{61727C54-6F89-450B-A382-36B2D5C047BD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{CFA6039F-DBB5-434F-BD3E-A30519BF4107}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B8F8CF75-2307-4623-A95D-E8CEB5A5644B}] => (Allow) C:\Windows\SysWOW64\mshta.exe FirewallRules: [{88FF759B-370D-4EC7-A718-0C292F346AAB}] => (Allow) C:\Windows\SysWOW64\mshta.exe FirewallRules: [TCP Query User{FC0EC2CF-6001-4872-A2F3-B1850131C5E1}H:\autorun.exe] => (Allow) H:\autorun.exe FirewallRules: [UDP Query User{33724047-83FC-4804-B7A6-7F1E39AD9503}H:\autorun.exe] => (Allow) H:\autorun.exe FirewallRules: [{7355498D-AEDD-4AEE-8C67-E8815F74211A}] => (Block) H:\autorun.exe FirewallRules: [{2B21C366-880B-467E-AF17-DE60E47B8DC3}] => (Block) H:\autorun.exe FirewallRules: [TCP Query User{A3094DD1-F3E1-44F5-9120-0B4354A6C37A}D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe] => (Allow) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [UDP Query User{5CF5B29B-2385-4C54-A72D-D0808E138CD8}D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe] => (Allow) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{9D654DC8-8319-4DD1-918A-AEE3B37A0599}] => (Block) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{E5AE8C44-4CBE-45F5-89DC-D401BC27E379}] => (Block) D:\temp\install\setup_wizard_930l_v1.03.00\autorun.exe FirewallRules: [{8C20F360-D2C3-4D07-8DA6-B05C0F6A2C1B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{A691712E-8004-4553-8912-43CC657762A3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{942A1C3D-1199-49A4-A990-A1FC18564B60}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{C7BC6CBD-0449-44A3-AD6E-1ADABBA9B18C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe FirewallRules: [{B84D9E09-C4BB-4CCA-ADE2-1E26158A0AA5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{E0C9B70A-0611-45B6-9C7F-12A2A4D4C4A0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{D1227779-028C-40F0-80D3-BE31CB681B86}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{063109A6-3269-45A0-9947-65F30BC87640}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{8E06DC3B-7B03-4B09-9872-E254DD72942D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0E82232A-E53B-4138-BBD7-D9B3CF54F7BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{82983104-15F9-4B8C-ABB2-1DFE08791558}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{D7A28448-629F-459E-A3C0-DD8584E2E215}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{30246298-8053-4C62-A327-9492A7EE0F4D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{ADD0BFD2-E479-4668-93BC-6E7B0CEFBBE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{22018C93-8433-4B62-8D33-DF63089F62D0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{CF667B67-D3E5-4B0B-8DEF-5530E70EBB81}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{632B4295-BD9D-4857-BBEF-F10FA49C9C12}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9B1BF0F2-4D92-4D92-8A95-C56E40CD3483}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{49DA3172-BEBA-4418-AD89-C0CF1F5DEE88}] => (Allow) LPort=12546 FirewallRules: [TCP Query User{D6C753CD-1316-4988-8059-651541217002}D:\temp\install\portfolio\portfolioperformance.exe] => (Allow) D:\temp\install\portfolio\portfolioperformance.exe FirewallRules: [UDP Query User{573A92C0-8317-45D7-BB82-206C8AEFAB57}D:\temp\install\portfolio\portfolioperformance.exe] => (Allow) D:\temp\install\portfolio\portfolioperformance.exe FirewallRules: [TCP Query User{A950BEE9-6F1F-4A38-BDA8-514486D18E69}D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe] => (Allow) D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe FirewallRules: [UDP Query User{ADBCFF48-4CF1-4A0A-9DC6-96BDD1F613D6}D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe] => (Allow) D:\projekte\trading\investements\tools\portfolio performance\portfolioperformance.exe FirewallRules: [{1F1AAA73-8A9F-4168-8272-B0A5C77EA5A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{152E6739-94D9-4EBB-8B63-7A07153ED1A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D3831111-458F-4F77-9D51-E4A30B699583}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{30D5E05E-9644-47F3-ABAA-259BC254D06F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F175E59-CDFE-4507-83D8-7BDECDC31864}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5C6D062E-7692-4DC1-8B7D-BA8DB0CFE03E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EA7F53E1-A8CA-487A-B1F4-E85690F23518}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe DomainProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI) DomainProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI) DomainProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI) DomainProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI) DomainProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI) DomainProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI) DomainProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI) DomainProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI) DomainProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI) DomainProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI) DomainProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI) DomainProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI) DomainProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI) DomainProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI) DomainProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI) DomainProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp DomainProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp StandardProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI) StandardProfile\GloballyOpenPorts: [9001:TCP] => Enabled:Logitech Media Server 9001 tcp (UI) StandardProfile\GloballyOpenPorts: [9002:TCP] => Enabled:Logitech Media Server 9002 tcp (UI) StandardProfile\GloballyOpenPorts: [9003:TCP] => Enabled:Logitech Media Server 9003 tcp (UI) StandardProfile\GloballyOpenPorts: [9004:TCP] => Enabled:Logitech Media Server 9004 tcp (UI) StandardProfile\GloballyOpenPorts: [9005:TCP] => Enabled:Logitech Media Server 9005 tcp (UI) StandardProfile\GloballyOpenPorts: [9006:TCP] => Enabled:Logitech Media Server 9006 tcp (UI) StandardProfile\GloballyOpenPorts: [9007:TCP] => Enabled:Logitech Media Server 9007 tcp (UI) StandardProfile\GloballyOpenPorts: [9008:TCP] => Enabled:Logitech Media Server 9008 tcp (UI) StandardProfile\GloballyOpenPorts: [9009:TCP] => Enabled:Logitech Media Server 9009 tcp (UI) StandardProfile\GloballyOpenPorts: [9010:TCP] => Enabled:Logitech Media Server 9010 tcp (UI) StandardProfile\GloballyOpenPorts: [9100:TCP] => Enabled:Logitech Media Server 9100 tcp (UI) StandardProfile\GloballyOpenPorts: [8000:TCP] => Enabled:Logitech Media Server 8000 tcp (UI) StandardProfile\GloballyOpenPorts: [10000:TCP] => Enabled:Logitech Media Server 10000 tcp (UI) StandardProfile\GloballyOpenPorts: [9090:TCP] => Enabled:Logitech Media Server 9090 tcp (UI) StandardProfile\GloballyOpenPorts: [3483:UDP] => Enabled:Logitech Media Server 3483 udp StandardProfile\GloballyOpenPorts: [3483:TCP] => Enabled:Logitech Media Server 3483 tcp ==================== Wiederherstellungspunkte ========================= 07-01-2016 10:00:55 Windows Update 08-01-2016 18:45:17 Installed iTunes 10-01-2016 19:23:13 Windows Update 14-01-2016 20:20:23 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: bckd Description: bckd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bckd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/14/2016 11:46:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2016 07:19:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2016 06:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2016 12:47:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2016 09:31:09 AM) (Source: MsiInstaller) (EventID: 1024) (User: name-THINK) Description: Produkt: Adobe Acrobat Reader DC - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (01/14/2016 09:00:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2016 04:35:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2016 04:25:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2016 04:13:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 3.3.14.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fa4 Startzeit: 01d14e141cb4cdd3 Endzeit: 15 Anwendungspfad: C:\Users\name\Desktop\FRST64.exe Berichts-ID: Error: (01/13/2016 03:50:11 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Systemfehler: ============= Error: (01/14/2016 11:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/14/2016 07:18:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "bckd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/14/2016 07:17:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (01/14/2016 07:17:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (01/14/2016 07:17:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (01/14/2016 07:17:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (01/14/2016 07:17:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.213.2750.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/14/2016 07:17:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.213.2750.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.8.0204.00 Quellpfad: 4.8.0204.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/14/2016 07:17:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/14/2016 07:17:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2014-02-02 08:17:34.626 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.423 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.236 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-02-02 08:17:34.064 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-07-16 15:05:01.912 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-07-16 15:05:01.874 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz Prozentuale Nutzung des RAM: 36% Installierter physikalischer RAM: 8075.23 MB Verfügbarer physikalischer RAM: 5144.04 MB Summe virtueller Speicher: 16148.68 MB Verfügbarer virtueller Speicher: 13630.77 MB ==================== Laufwerke ================================ Drive c: (Windows7_OS) (Fixed) (Total:100 GB) (Free:16.28 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (data) (Fixed) (Total:348.67 GB) (Free:325.85 GB) NTFS Drive h: (SOPRANOS_SEASON) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.11 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B2FF4958) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=348.7 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
15.01.2016, 15:10 | #6 |
/// TB-Ausbilder | Anti Rootkit: Registry value "AppInit_Dlls" gefunden Servus, wir entfernen die letzten Reste und kontrollieren nochmal alles. Hinweis: Der Suchlauf mit ESET kann länger dauern. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start CloseProcesses: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6 Task: {2E4027A1-1157-484A-B063-3FB599A1459B} - System32\Tasks\{E24F53F8-6B19-431A-B3EF-9CF1098307CE} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64de\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64de Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19 Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware! Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00 Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5 Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4 Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3 Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16 Task: {BC3130C8-46CE-49F7-B138-D5DC4142C139} - System32\Tasks\{3197195D-9DA6-42F7-9DA2-372026995E84} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64en\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64en Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1 Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2 Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17 Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18 AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 EmptyTemp: end Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche? Bitte poste mit deiner nächsten Antwort
|
17.01.2016, 15:52 | #7 |
| Anti Rootkit: Registry value "AppInit_Dlls" gefunden Hi Matthias, der Computer läuft, keine weiteren Probleme. Nur noch eine Frage: Sollte ich auch nochmal das MBAM Anti Rootkit-Tool durchlaufen lassen, hier war ja der Fund aufgetreten. Hier die Logs... Fixlog.txt Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 durchgeführt von name (2016-01-15 17:48:55) Run:2 Gestartet von C:\Users\name\Desktop Geladene Profile: name (Verfügbare Profile: UpdatusUser & name & name) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG Task: {0AAC0C8F-17F9-44D9-8633-99800402F7B4} - System32\Tasks\awareness6 Task: {2E4027A1-1157-484A-B063-3FB599A1459B} - System32\Tasks\{E24F53F8-6B19-431A-B3EF-9CF1098307CE} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64de\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64de Task: {3316434C-3712-4FC7-A669-6C670554C817} - System32\Tasks\be aware! 19 Task: {5E241B72-DD17-4ABF-9A35-042ED30B2E01} - System32\Tasks\be aware! Task: {6BE59280-6519-4482-B234-3FF1A1372790} - System32\Tasks\aware00 Task: {880D2868-EE2E-4A74-9A7A-CE4EED02188D} - System32\Tasks\awareness5 Task: {88CB84E9-B6C5-443D-A74D-E1F81679658C} - System32\Tasks\awareness4 Task: {898DC75A-40B7-447B-8546-FC4D0E134300} - System32\Tasks\awareness3 Task: {A29BF6F0-A657-47DB-970D-04ACBBF9A0AD} - System32\Tasks\be aware 16 Task: {BC3130C8-46CE-49F7-B138-D5DC4142C139} - System32\Tasks\{3197195D-9DA6-42F7-9DA2-372026995E84} => pcalua.exe -a D:\temp\INSTALL\lide500fvst6411222a_64en\SetupSG.exe -d D:\temp\INSTALL\lide500fvst6411222a_64en Task: {CC9B9E00-0D49-4D00-8EC0-D45AF6454684} - System32\Tasks\Awareness1 Task: {D509974F-B4A2-4F4D-B101-5F462082506D} - System32\Tasks\Awareness2 Task: {D5E18281-C555-4285-9DFC-0CC5EB556E1D} - System32\Tasks\be aware! 17 Task: {EBE7144C-7860-422B-AFA9-292E85F0A8A7} - System32\Tasks\be aware! 18 AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 EmptyTemp: end ***************** Prozess erfolgreich geschlossen. "HKU\S-1-5-21-1502850821-2927420759-2148834354-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAC0C8F-17F9-44D9-8633-99800402F7B4}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAC0C8F-17F9-44D9-8633-99800402F7B4}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\awareness6 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\awareness6" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E4027A1-1157-484A-B063-3FB599A1459B}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E4027A1-1157-484A-B063-3FB599A1459B}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\{E24F53F8-6B19-431A-B3EF-9CF1098307CE} => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E24F53F8-6B19-431A-B3EF-9CF1098307CE}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3316434C-3712-4FC7-A669-6C670554C817}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3316434C-3712-4FC7-A669-6C670554C817}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\be aware! 19 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\be aware! 19" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E241B72-DD17-4ABF-9A35-042ED30B2E01}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E241B72-DD17-4ABF-9A35-042ED30B2E01}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\be aware! => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\be aware!" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BE59280-6519-4482-B234-3FF1A1372790}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BE59280-6519-4482-B234-3FF1A1372790}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\aware00 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aware00" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{880D2868-EE2E-4A74-9A7A-CE4EED02188D}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{880D2868-EE2E-4A74-9A7A-CE4EED02188D}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\awareness5 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\awareness5" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88CB84E9-B6C5-443D-A74D-E1F81679658C}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CB84E9-B6C5-443D-A74D-E1F81679658C}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\awareness4 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\awareness4" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{898DC75A-40B7-447B-8546-FC4D0E134300}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{898DC75A-40B7-447B-8546-FC4D0E134300}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\awareness3 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\awareness3" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A29BF6F0-A657-47DB-970D-04ACBBF9A0AD}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A29BF6F0-A657-47DB-970D-04ACBBF9A0AD}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\be aware 16 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\be aware 16" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC3130C8-46CE-49F7-B138-D5DC4142C139}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC3130C8-46CE-49F7-B138-D5DC4142C139}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\{3197195D-9DA6-42F7-9DA2-372026995E84} => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3197195D-9DA6-42F7-9DA2-372026995E84}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC9B9E00-0D49-4D00-8EC0-D45AF6454684}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC9B9E00-0D49-4D00-8EC0-D45AF6454684}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\Awareness1 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Awareness1" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D509974F-B4A2-4F4D-B101-5F462082506D}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D509974F-B4A2-4F4D-B101-5F462082506D}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\Awareness2 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Awareness2" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5E18281-C555-4285-9DFC-0CC5EB556E1D}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5E18281-C555-4285-9DFC-0CC5EB556E1D}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\be aware! 17 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\be aware! 17" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBE7144C-7860-422B-AFA9-292E85F0A8A7}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE7144C-7860-422B-AFA9-292E85F0A8A7}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\be aware! 18 => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\be aware! 18" => Schlüssel erfolgreich entfernt C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS erfolgreich entfernt. C:\ProgramData\TEMP => ":5C321E34" ADS erfolgreich entfernt. EmptyTemp: => 840.1 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 17:49:20 ==== Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # engine=21254 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-11-25 09:24:26 # local_time=2014-11-25 10:24:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 52501 282373956 0 0 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 6438763 39931060 0 0 # scanned=211506 # found=0 # cleaned=0 # scan_time=33092 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # end=init # utc_time=2016-01-15 04:54:05 # local_time=2016-01-15 05:54:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27662 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # end=updated # utc_time=2016-01-15 04:57:55 # local_time=2016-01-15 05:57:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # engine=27662 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-01-15 06:50:41 # local_time=2016-01-15 07:50:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 21383613 75864235 0 0 # scanned=83588 # found=0 # cleaned=0 # scan_time=6765 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # end=init # utc_time=2016-01-17 10:17:48 # local_time=2016-01-17 11:17:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27680 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # end=updated # utc_time=2016-01-17 10:19:10 # local_time=2016-01-17 11:19:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=246bc3d6158ffa4a8fbc96c396a7d73f # engine=27680 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-01-17 02:29:22 # local_time=2016-01-17 03:29:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 21540734 76021356 0 0 # scanned=225092 # found=0 # cleaned=0 # scan_time=15011 |
18.01.2016, 16:31 | #8 | ||||||||
/// TB-Ausbilder | Anti Rootkit: Registry value "AppInit_Dlls" gefunden Servus, das ein Wert unter AppInit gefunden wird, heißt nicht automatisch, dass da ein Rootkit ist. Aber du kannst ja nochmal scannen, wenn es dich beruhigt. Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Cleanup: Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank: Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen:
Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
21.01.2016, 13:38 | #9 |
/// TB-Ausbilder | Anti Rootkit: Registry value "AppInit_Dlls" gefunden Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
11.03.2016, 09:33 | #10 |
| Anti Rootkit: Registry value "AppInit_Dlls" gefunden Hi MKDB, enschuldige, dass ich mich nicht mehr gemeldet habe. Habe den Thread irgendwie vergessen. Darum abschließend nochmal vielen Dank für Deine großartige Hilfe und Geduld! Viele Grüße wenjin |
Themen zu Anti Rootkit: Registry value "AppInit_Dlls" gefunden |
akamai, antivirus, avira, bildschirm, bonjour, combofix, cpu, dnsapi.dll, error, failed, festplatte, flash player, installation, mozilla, officejet, panda usb vaccine, popup, prozesse, registry, rootkit, rundll, scan, security, software, svchost.exe, system, teredo, usb, windows |